nestjs-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's behavior is consistent with its stated purpose of auditing code quality. It relies on the vendor's own infrastructure on GitHub to retrieve rule sets.
  • [EXTERNAL_DOWNLOADS]: Fetches latest NestJS standards in Markdown format from raw.githubusercontent.com/somnio-software/cursor-rules/. This is an expected mechanism for keeping audit rules up-to-date and targets a well-known service.
  • [COMMAND_EXECUTION]: Uses Bash, Grep, and Glob tools to inspect local source code for compliance with best practices. These capabilities are necessary for code analysis.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests remote instructions to guide its analysis.
    1. Ingestion points: standards fetched from remote URLs in all files within the references/ directory.
    2. Boundary markers: Not present in the prompt instructions.
    3. Capability inventory: Bash, Write, and Edit as specified in SKILL.md.
    4. Sanitization: No explicit content filtering or sanitization of remote rules is performed.
    Given the source is the vendor's own repository, this is documented as a neutral finding.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 05:39 PM