The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses shell commands like find, grep, ls, and git to inspect project structure, configuration, and history. It also contains logic to execute a local script named scripts/recon.sh if present in the skill directory. These operations are core to the skill's functionality for auditing codebases.
[CREDENTIALS_UNSAFE]: The skill accesses project configuration files, such as .env and docker-compose.yml, to verify that documented port numbers and environment variable names are correct. This access is targeted and consistent with the skill's primary purpose.
[PROMPT_INJECTION]: The skill processes user-controlled documentation and source code files, which creates an attack surface for indirect prompt injection. Ingestion points: ARCHITECTURE.md, AGENTS.md, README.md, and source files. Boundary markers: Absent. Capability inventory: Shell-based reconnaissance and git commit for documentation fixes. Sanitization: Absent.

doc-audit