AGENT LAB: SKILLS

auditing-bdd-tests

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The bin/cli.js script performs standard file system operations (copying files and updating a local index) to install the skill into the user's .claude/skills directory. This is the intended behavior for an installer and does not involve arbitrary command execution or privilege escalation.
  • [DATA_EXFILTRATION] (SAFE): No evidence of data exfiltration was found. The skill operates on local repository files and writes its findings to a local directory named .bddready. There are no network requests (e.g., fetch, curl) or credential harvesting patterns in the provided source code.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it analyzes untrusted content such as feature files and step definitions provided by the user.
      1. Ingestion points: discovery.md instructs the agent to read *.feature and step_definitions/ files.
      2. Boundary markers: None are explicitly defined in the modules.
      3. Capability inventory: The agent generates reports in Markdown, JSON, and HTML formats within the .bddready directory.
      4. Sanitization: No sanitization logic is present in the markdown instructions to filter instructions hidden within test comments or Gherkin scenarios.
  • [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns were detected. The project uses standard Node.js scripts for its operations and does not download or execute scripts from untrusted external URLs.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:12 PM