The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes Bash and Grep to perform environment detection and codebase scanning. These operations are scoped to the project directories and are used for identifying hardcoded version strings and deprecated API patterns as part of the assessment process.
[EXTERNAL_DOWNLOADS]: Phases of the workflow use WebSearch and WebFetch to retrieve information about Claude models and platform changelogs. These are informational fetches used for research and do not involve executing remote scripts or binaries.
[DATA_EXFILTRATION]: While the skill reads project metadata and configuration files to determine the current environment state, it does not attempt to access sensitive system files (e.g., SSH keys, credentials) or exfiltrate data to external servers.
[PROMPT_INJECTION]: The skill processes untrusted data from the web and the local codebase, which is a standard surface for indirect prompt injection.
Ingestion points: Data is gathered from web searches and project file reads.
Boundary markers: The workflow does not explicitly mention the use of delimiters for processed content.
Capability inventory: The skill has access to Bash (command execution) and network tools (WebFetch).
Sanitization: There are no explicit sanitization or validation steps described for the external content before it is incorporated into the assessment report.

upgrade-assessment