The Agent Skills Directory

[COMMAND_EXECUTION]: The skill includes a shell script scripts/explore-project.sh that executes local discovery commands such as find, grep, wc, and tree. These are standard tools used to provide context about the project's structure and are used safely within the local file system scope.
[DATA_EXFILTRATION]: No network operations or data exfiltration patterns were detected. All project information gathered by the script is output directly to the user's console.
[REMOTE_CODE_EXECUTION]: There are no remote downloads or execution of untrusted scripts. The script is entirely local and bundled with the skill.
[PROMPT_INJECTION]: The instructions in SKILL.md are purely process-oriented, providing a logical workflow for the agent. There are no attempts to override safety filters or system instructions.
[CREDENTIALS_UNSAFE]: The script scans for the presence of configuration files like .env.example, but it does not attempt to read or expose sensitive values from actual .env files.

scaffolding-projects