skills/wojons/skills/gap-analysis/Gen Agent Trust Hub

gap-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides three shell scripts (analyze-gaps.sh, compare-docs-code.sh, and generate-report.sh) that automate the comparison of documentation files against source code. These scripts use standard system utilities like find, wc, and cat, and properly quote variables to prevent command injection.
  • [DATA_EXPOSURE]: By design, the skill analyzes local project directories (/docs and /src). This access is necessary for its stated purpose of identifying missing implementations or documentation. The scripts do not target sensitive system paths or credentials.
  • [PROMPT_INJECTION]: The skill processes untrusted documentation and source code, which represents an indirect prompt injection surface. However, the risk is minimal as the skill performs local analysis and does not possess capabilities that could be exploited for exfiltration or persistence.
  • [REMOTE_CODE_EXECUTION]: The generate-report.sh script implements a validate_path function that checks for directory traversal sequences (..) and absolute paths (/). This ensures that the agent cannot be tricked into reading or writing files outside of the intended project scope.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 04:39 AM