The Agent Skills Directory

COMMAND_EXECUTION (SAFE): The skill includes a local bash script (scripts/run-audit.sh) that executes standard Unix utilities such as find, grep, wc, and jq to audit the repository. These operations are performed on project-specific paths and do not involve high-risk commands or privilege escalation.\n- DATA_EXFILTRATION (SAFE): The skill analyzes local skill metadata and manifests. It does not access sensitive user files (e.g., SSH keys, AWS credentials) and does not perform any network operations to transmit data externally.\n- PROMPT_INJECTION (SAFE): There are no patterns of prompt injection or instructions to bypass safety guidelines. The skill's data processing logic (Category 8) is restricted to metadata validation. (Evidence: Ingestion point: src/skills/*/SKILL.md via globbing; Boundary markers: None; Capability inventory: find, grep, wc, jq; Sanitization: Uses grep -q and jq --arg which prevents content from being interpreted as commands.)

audit-skills