agents-md-manager

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes local Python scripts to automate configuration tasks. The provided scripts perform file I/O operations consistent with their described purpose and do not contain dynamic code execution (eval/exec) or network operations.
  • [DATA_EXFILTRATION] (LOW): The scripts/convert_claude_to_agents.py script resolves @import statements. While it specifically prevents inlining files from the user's home directory (~), it allows the resolution of arbitrary absolute paths (e.g., @/etc/passwd). If a user or agent is tricked into converting a malicious CLAUDE.md file, sensitive system files could be inlined into the resulting AGENTS.md document.
  • [PROMPT_INJECTION] (LOW): The skill processes external markdown files and inlines content into agent instructions. It lacks boundary markers or sanitization for inlined content (Evidence: scripts/convert_claude_to_agents.py line 147), creating a surface for indirect prompt injection where instructions in the source file could bypass agent constraints once migrated to AGENTS.md.
  • [SAFE] (INFO): The skill includes a security-enhancing utility, scripts/validate_agents_md.py, that proactively audits AGENTS.md files for hardcoded credentials (API keys, tokens, private keys) using a predefined set of regex patterns.
  • [NO_CODE] (INFO): Two scripts referenced in the main documentation (analyze_project.py and generate_config_toml.py) are missing from the file set, preventing a full audit of those components.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 07:45 PM