codebase-cleanup-refactor-clean
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed for legitimate code cleanup and adheres to software engineering best practices. No malicious obfuscation, privilege escalation, or persistence patterns were found.
- [EXTERNAL_DOWNLOADS]: References to external tools such as GitHub Actions, SonarQube, and AI-review platforms (CodeRabbit, CodiumAI) are documented as part of standard developer toolchains and target well-known, trusted services.
- [DATA_EXFILTRATION]: No sensitive data access or exfiltration attempts were identified. The playbook specifically instructs on the secure removal of hardcoded secrets as part of a clean code strategy.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists in the processing of user-supplied code through the $ARGUMENTS variable.
  1. Ingestion point: $ARGUMENTS in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Text transformation and code generation.
  4. Sanitization: Absent.

  The risk is evaluated as safe because the skill's primary function is static code transformation without direct execution of the input code.