The Agent Skills Directory

[SAFE]: The skill focuses on project structure discovery and documentation. No malicious patterns such as prompt injection, obfuscation, or data exfiltration were detected.
[DATA_EXPOSURE]: The skill instructs the agent to analyze project configuration files, including repository root files, CI/CD configurations, and environment variable templates (e.g., .env.example). This behavior is consistent with its stated purpose of project 'Preflight' and discovery. There are no instructions to send this data to external servers.
[COMMAND_EXECUTION]: The skill references identifying execution commands (scripts, Makefile targets, npm scripts) to document them as 'entry points' but does not provide instructions to execute these commands during the analysis phase.
[INDIRECT_PROMPT_INJECTION]: As a discovery tool, this skill processes untrusted project data (source code, READMEs, CI files). While this creates an ingestion surface for indirect prompt injection, the skill's capabilities are limited to writing documentation to a local directory (.aisdlc/), which significantly mitigates the risk of exploitation. No boundary markers are explicitly defined, but the structured output format (markdown tables) provides inherent data separation.

project-discover-preflight-scope