The Agent Skills Directory

[SAFE]: The skill focuses on local file optimization and does not perform network operations, access sensitive credentials, or implement persistence mechanisms. All actions are scoped to the development environment.
[COMMAND_EXECUTION]: The skill uses the Bash tool to perform path normalization and content inventory of local agent files. This is a standard and necessary function for a file refactoring utility.
[PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it processes user-provided AGENT.md files which may contain embedded instructions.
Ingestion points: Reads the content of $target in Step 1 and Step 3.
Boundary markers: The skill does not use specific delimiters to separate ingested agent text from its own internal logic.
Capability inventory: The skill has access to Bash, Read, Write, Edit, Glob, Grep, and Agent tools.
Sanitization: There is no explicit sanitization of the markdown content before it is processed for analysis or rewriting.
Assessment: The risk is mitigated by the highly structured audit logic which prioritizes structural extraction over arbitrary content execution.

normalize-agent-for-claude