test-spec-gen

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using grep to inspect sensitive configuration files such as ~/.claude/mcp_config.json and ~/.claude.json. These files typically contain authentication tokens, API keys, and environment-specific settings for the Model Context Protocol (MCP) servers.
  • [DATA_EXFILTRATION]: The skill creates a high-fidelity map of the project's internal security and data architecture. It specifically spawns sub-agents to map 'Auth & RBAC' (middleware, roles, login endpoints) and 'Data & Backend' (database schemas, ORM models, API controllers). While this data is presented to the user, the aggregation of such sensitive architectural information into a single document increases the impact of potential exfiltration if the agent context is compromised.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection (Category 8).
      • Ingestion points: Phase 1 utilizes five parallel 'Explore' agents that read and parse the entire content of the user's codebase (routes, middleware, models, configs).
      • Boundary markers: The skill does not employ delimiters or 'ignore embedded instructions' markers when passing the results of codebase exploration into the specialist generation agents.
      • Capability inventory: The skill has broad capabilities including shell command execution, spawning multiple sub-agents with different models, and performing web research via /research-before-coding.
      • Sanitization: There is no evidence of sanitization or filtering of the content read from the codebase before it is interpolated into the prompts for Phase 3 and Phase 5 agents.
  • [CREDENTIALS_UNSAFE]: The skill logic specifically targets the discovery of .env files and authentication middleware. While intended for mapping, the automated extraction of these patterns into a central summary poses a risk if malicious instructions are present in the project files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 14, 2026, 07:41 AM