spec-mining

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is configured to locate and read sensitive configuration and authentication files as part of its reverse-engineering workflow.
      • Evidence: The references/analysis-checklist.md and references/analysis-process.md files explicitly instruct the agent to search for and examine .env files, authentication guards, and JWT-related configurations.
      • Context: This access is used to generate a comprehensive system specification, but it exposes the agent to sensitive credentials stored in the local environment.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads and interprets content from untrusted external codebases.
      • Ingestion points: Source code, configuration files, and documentation are ingested via the Read, Grep, and Glob tools across the target project directory, as defined in SKILL.md and references/analysis-process.md.
      • Boundary markers: The instructions include no specific delimiters or protective instructions to help the agent distinguish the skill's own workflow from instructions that might be embedded in the analyzed code.
      • Capability inventory: The skill is permitted to use the Bash, Read, Grep, and Glob tools and can write output to the local filesystem.
      • Sanitization: No sanitization or filtering of the content read from the codebase is performed before the agent processes it.
  • [COMMAND_EXECUTION]: The skill uses shell-based commands for its core exploration and analysis workflow.
      • Evidence: The allowed-tools list includes Bash, and references/analysis-process.md provides bash command templates for project mapping and identifying business logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 03:37 PM
Security Audit — agent-trust-hub — spec-mining