agent-analyze-code-quality

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill ingests untrusted code files (ingestion points in src/, lib/, etc.) but lacks explicit boundary markers or sanitization. However, its capability set is restricted to read-only tools (Read, Grep, Glob) and WebSearch, with critical tools like Bash and Write explicitly restricted, effectively neutralizing most injection risks. Evidence: 1. Ingestion: project code files; 2. Boundaries: absent; 3. Capabilities: Read, Grep, Glob, WebSearch; 4. Sanitization: absent.
  • Command Execution (SAFE): The pre_execution and post_execution hooks contain shell commands (find, grep, ls). These are used for benign environment discovery (counting files, checking for linting configs) and do not involve remote code or the execution of untrusted external input.
  • Data Exposure (SAFE): The skill includes a forbidden_paths constraint that prevents the agent from accessing sensitive directories like .git and node_modules, protecting against accidental exposure of secrets or repository metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:12 PM