upgrade-assessment

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform environment detection and codebase scanning. These operations include checking for the existence of specific directories (src/skills, src/agents), running version checks (claude --version), and using grep to identify potential breaking changes in the source code. These commands are localized to the project directory and are standard for a technical assessment tool.
  • [EXTERNAL_DOWNLOADS]: In Phase 2 (Research), the skill uses WebSearch and WebFetch to look up capabilities and changelogs for target Claude models and platform versions. This is used to inform the assessment report and does not involve downloading or executing arbitrary binaries.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external web content (via WebFetch) and the local codebase (via Read and Grep). If an attacker places malicious instructions in a scanned file or a public changelog, they could potentially influence the agent's behavior.
  • Ingestion points: WebFetch for external documentation and Grep/Read for scanning local src/ files and configuration.
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore' directives to wrap the content read from files or the web before processing.
  • Capability inventory: The skill has access to high-privilege tools including Bash (command execution) and Task (background processes).
  • Sanitization: There is no evidence of content sanitization, filtering, or validation for instructions before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 04:27 PM