The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The scripts/lint_runner.py script executes local development commands such as npm run lint, npx eslint, ruff, and mypy via subprocess.run.
Evidence: The script constructs command lists (e.g., ["npm", "run", "lint"]) and executes them in the context of the project being analyzed.
Context: This behavior is fundamental to the skill's purpose as a linter. The use of argument lists instead of raw shell strings provides protection against direct command injection.
[DATA_EXPOSURE] (SAFE): The scripts read project configuration files and source code to perform analysis and generate coverage reports.
Evidence: lint_runner.py reads package.json and pyproject.toml; type_coverage.py reads .ts, .tsx, and .py files.
Context: File access is restricted to the target project directory. No access to sensitive system directories (e.g., SSH keys, environment secrets) or exfiltration via network calls was found.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted source code and metadata from the local filesystem for analysis.
Ingestion points: scripts/type_coverage.py reads file content using read_text().
Boundary markers: No specific delimiters are used to wrap the ingested code content.
Capability inventory: The skill can execute local commands through the Bash tool and its own Python scripts.
Sanitization: No sanitization is performed on the file content before regex processing, though the output is limited to statistical data and coverage metrics.
Context: While an attacker could place malicious instructions in code comments, the risk is inherent to static analysis tools and is mitigated here by the specialized nature of the output (regex-based metrics).

lint-and-validate