optimizing-claude-code

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The audit script scripts/audit_repo.py executes system commands using subprocess.run to interact with git. It calls git ls-files to count tracked files and git log to check for file freshness. These commands are executed without a shell and use static arguments, which is a safe implementation pattern for gathering repository metadata.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local configuration files, specifically reading ~/.claude/settings.json (user scope) and .claude/settings.json (project scope). This access is intended for auditing the agent's permission levels and MCP configurations but constitutes an exposure of configuration data from the user's home directory.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by reading and processing documentation files (e.g., CLAUDE.md) from the audited repository.
    ◦ Ingestion points: The scripts/audit_repo.py script reads the full text of CLAUDE.md, CLAUDE.local.md, and other nested documentation files found in the repository.
    ◦ Boundary markers: The output is structured as JSON, but the raw text of the documentation files is processed to identify headings and keywords without any explicit boundary delimiters that would mark it as untrusted data and keep the agent from obeying instructions embedded in it.
    ◦ Capability inventory: The skill allows the agent to edit files, suggest changes, and run shell commands via the audit script.
    ◦ Sanitization: Content is read into memory and parsed for metrics, but no sanitization or escaping is applied to the text before it is returned to the agent's context in the audit report.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 11:48 PM