repair-artifacts

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in lib/workflow_state/parity.py to execute npx skills ls -g --json. This command identifies installed skills to verify parity with the repository. It uses a predefined list of arguments and does not involve a shell or untrusted input.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface because it reads and parses user-controlled artifacts such as README.md and metadata files to rebuild registries. However, this is consistent with its intended purpose of repository maintenance.
    • Ingestion points: Reads from registry.json, README.md, and various .meta.json files within discovered artifact directories.
    • Boundary markers: Data is parsed into structured formats (JSON/Python objects), but no explicit LLM boundary markers are used in the generated summaries.
    • Capability inventory: Includes file system writes (registry/readme updates) and system command execution (parity checks via subprocess).
    • Sanitization: Uses standard JSON parsing and regular expressions for data extraction; no specific sanitization is applied for the purpose of preventing instruction injection.
  • [SAFE]: The skill employs dynamic module loading via importlib.util in lib/workflow_state/inventory.py. This mechanism is used to share business logic across different scripts in the toolkit. The module paths are strictly controlled and relative to the skill's own installation path, preventing the execution of arbitrary or untrusted code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 07:38 PM