The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to perform standard development tasks, such as gathering context with git diff, executing test suites (pytest, npm test), and starting development servers for visual capture. All command execution is transparently documented and aligned with the skill's primary purpose.
[EXTERNAL_DOWNLOADS]: The skill interacts with official package registries and security tools (e.g., npm audit, pip-audit) to verify dependencies. These interactions target well-known, trusted services and do not involve untrusted third-party sources.
[PERSISTENCE]: The skill employs CronCreate to schedule periodic regression checks. This is a documented functionality for maintaining codebase quality over time and does not represent a malicious persistence mechanism.
[DATA_EXFILTRATION]: Network operations are restricted to localhost for dev server health checks and standard API interactions with the host's package management tools. There is no evidence of sensitive data being sent to external or suspicious domains.
[INDIRECT_PROMPT_INJECTION]: While the skill ingests local codebase content (git diffs, source files) to provide verification feedback, it does not demonstrate any combined read-and-write patterns that would suggest an exploitable injection surface. The ingestion is necessary for its function as a quality gate tool.

verify