skills/corlab-tech/skills/rigorous/Gen Agent Trust Hub

rigorous

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill does not exhibit malicious patterns. There is no evidence of data exfiltration, unauthorized network access, obfuscation, or credential theft. The behavior is consistent with the stated purpose of a software engineering tool.
  • [COMMAND_EXECUTION]: The skill utilizes local Node.js scripts (load-context.mjs and pin.mjs) to resolve engineering standards and manage command shortcuts. These scripts are restricted to filesystem operations within the project and the agent's configuration directories, with safety checks to prevent path traversal.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection via the standards files it processes.
    • Ingestion points: Project standards (PRINCIPLES.md, STACK.md, TESTING.md) are loaded into the agent context using the load-context.mjs script.
    • Boundary markers: The instructions do not define explicit delimiters or instructions to ignore embedded commands within the ingested standards files.
    • Capability inventory: The skill possesses broad file-modification capabilities across multiple commands including craft, refactor, debug, and harden.
    • Sanitization: Content from the project files is incorporated into the prompt without structural validation or sanitization, relying on the agent's internal safety guardrails.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 12:45 PM