codebase-auditor

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file scripts/audit_engine.py implements dynamic module loading using importlib.util. It resolves analyzer modules from the scripts/analyzers/ directory based on computed paths. While the module mapping is defined in a static dictionary, the use of exec_module to load logic at runtime is a dynamic execution pattern.
  • [COMMAND_EXECUTION]: In scripts/audit_engine.py, the skill uses subprocess.run to execute git commands. This is used to gather repository information such as commit history and line counts during the initial project discovery phase.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Analyzers located in scripts/analyzers/ (e.g., code_quality.py, security_scan.py) read content from the files being audited and include extracted snippets in the final reports generated by scripts/report_generator.py. This content could contain malicious instructions designed to influence an agent that processes the resulting audit reports.
      • Ingestion points: Files are read from the user-provided codebase path using Path.rglob across multiple analyzer modules.
      • Boundary markers: The report generator wraps code findings in standard markdown code blocks (```).
      • Capability inventory: The skill has capabilities to read/write local files, execute git commands via subprocess, and perform dynamic module loading.
      • Sanitization: There is no evidence of sanitization or filtering applied to the source code snippets to prevent them from acting as instruction injections when displayed in reports.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 20, 2026, 11:42 AM