production-parity-skill-builder

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the rg (ripgrep) utility to programmatically search through repository files for configuration and infrastructure-related keywords.
  • [CREDENTIALS_UNSAFE]: The workflow involves searching for sensitive configuration information including terms like secret, env, oidc, jwt, and authentication group claims to identify parity drift. This access is scoped to the skill's primary purpose of environment alignment.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted repository data (docs, source, CI manifests) to generate instructions and safeguards.
      1. Ingestion points: Application source code, documentation, and configuration files read via repository search tools (SKILL.md).
      2. Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded prompts in analyzed files.
      3. Capability inventory: Writing generated skill files and executing shell commands for repository inspection (SKILL.md, resources/generated-skill-template.md).
      4. Sanitization: Absent; evidence extracted from the repository is interpolated into the generated skill without explicit validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 06:22 AM