The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes Bash for environmental analysis but limits its use to read-only commands such as git ls-files, ls, and find. Instructions in SKILL.md explicitly forbid the execution of build or install scripts.
[DATA_EXFILTRATION]: A mandatory security scan (references/security-check.md) is performed before any file is written, identifying and blocking the output of passwords, tokens, private keys, and sensitive connection strings.
[PROMPT_INJECTION]: The skill manages the risk of indirect prompt injection within codebases through several layers. Ingestion points: The skill reads codebase files in Phase 0, 1, and 2 using Read, Grep, and Glob. Boundary markers: It strictly distinguishes between a read-only 'Source Zone' and a user-approved 'Doc Zone', requiring source citations for all claims. Capability inventory: Restricted to Bash (read-only), Write, and Edit. Sanitization: A pre-write security scanner is used to filter sensitive information.
[REMOTE_CODE_EXECUTION]: The skill does not perform remote code execution. All installation references point to verified vendor repositories belonging to the author 'wubabalala'.

project-onboarding