xcodebuildmcp-tool-contract-review

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs local validation using scripts defined in the project's package manifest, such as "npm run docs:check", "npm run typecheck", and "npm test". It also uses "npx skill-check" to verify the integrity of the skill itself. These commands are executed within the context of a local development environment to ensure code quality.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze external source code and tool manifests, creating a surface for potential indirect prompt injection attacks where malicious instructions could be embedded in the code being reviewed.
  • Ingestion points: Processes content from various project source paths including "src/mcp/tools/**" and "manifests/tools/*.yaml".
  • Boundary markers: Absent; the skill does not explicitly instruct the agent to disregard instructions found within the files it is reviewing.
  • Capability inventory: The skill enables the execution of shell-based validation commands via npm and npx utilities.
  • Sanitization: File content is reviewed as-is for the purpose of verifying architectural and schema compliance without explicit sanitization steps.
  • [SAFE]: File system access is restricted to the local project directory for the legitimate purpose of code review. No suspicious network exfiltration, hardcoded credentials, or unauthorized access patterns were identified during the analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 08:35 AM