skill-doctor

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python's shutil and os modules to manage local skill folders through backup, archive, and move operations. It also dynamically generates executable Bash scripts (.command files) to allow users to rescan directories or open reports. The skill uses shlex.quote() to sanitize paths and prevent command injection, and it sets file permissions to 0o755 for executability.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external directories during its audit scan, creating a surface for indirect prompt injection.
    • Ingestion points: scripts/scan_skills.py reads the content of all files matching specific text extensions within user-provided root directories.
    • Boundary markers: The skill does not use explicit boundary markers or delimiters when interpolating untrusted content into its internal analysis logic.
    • Capability inventory: The skill can write files, move directories, and generate executable shell scripts.
    • Sanitization: Content displayed in the HTML report is sanitized via html.escape(), and paths used in generated scripts are sanitized via shlex.quote().
  • [DATA_EXFILTRATION]: The skill's primary function is to scan for sensitive data, including API keys, private keys, and environment variables, within local directories. This information is aggregated into a local HTML report. While the skill accesses sensitive data as part of its audit function, no evidence of network exfiltration was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 07:03 PM