The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the project's CLAUDE.md file. The agent is instructed to read this file to identify 'Code Clone Exceptions', which could allow a malicious project to embed instructions to override the agent's behavior. Ingestion points: The CLAUDE.md file (as documented in references/complete-workflow.md). Boundary markers: None specified to differentiate between configuration and natural language instructions. Capability inventory: Access to Bash, Edit, Write, Read, and Grep tools. Sanitization: None specified for the content retrieved from the codebase.\n- [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool to run PMD CPD and Semgrep for code analysis. It also performs file system operations, such as creating temporary directories in /tmp/ to store audit results. Evidence found in references/complete-workflow.md and references/detection-commands.md.\n- [EXTERNAL_DOWNLOADS]: The skill recommends installing pmd and semgrep via the Homebrew package manager. These are well-known technology tools and services. Evidence found in references/refactoring-strategies.md.

code-clone-assistant