The Agent Skills Directory

No Code (SAFE): The skill primarily consists of documentation and a utility bash script. It does not include any third-party binaries or libraries, and it does not perform any package installation operations (e.g., npm install or pip install).
Command Execution (SAFE): The analyze-migration.sh script executes standard Unix utilities like grep, rg, and awk to perform pattern matching on a provided local directory path. Input variables are properly quoted to prevent simple shell injection, and the script restricts its actions to reading file contents and printing summaries.
Data Exfiltration (SAFE): No network-related commands (such as curl, wget, or fetch) are present in any of the skill files. Analysis is performed entirely on the local file system with no data leaving the environment.
Indirect Prompt Injection (SAFE): While the skill ingests local source code by scanning for patterns, it only outputs aggregated counts and file paths. It does not raw-echo untrusted file contents back to the agent in a manner that would expose an injection surface.

solana-kit-migration