python-project-development

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: Analysis of the skill instructions and associated Python scripts found no malicious patterns, obfuscation, or data exfiltration attempts.
  • [COMMAND_EXECUTION]: The skill defines several helper functions for running external tools like git, uv, and ruff. These functions utilize the Python subprocess module with arguments passed as lists, effectively mitigating the risk of command injection.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection.
      1. Ingestion points: scripts/common_utils.py (safe_read) and SKILL.md (Read/Grep tools) allow reading external file content.
      2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined.
      3. Capability inventory: scripts/subprocess_helpers.py (run_cmd) and SKILL.md (Bash tool) provide shell execution capabilities.
      4. Sanitization: No explicit sanitization or validation of the file contents is performed before they are processed by the agent.
    This is considered a low-risk inherent characteristic of development tools.
  • [EXTERNAL_DOWNLOADS]: The skill references official documentation and well-known development tools (e.g., Astral's Ruff and UV). These references are informational and do not involve the automated execution of untrusted remote code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:28 PM