scan

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive environment files, including .env and .env.example, in Phase 4d to validate port mappings. Reading these files exposes their contents, which typically include secrets and API keys, to the agent's context.
  • [PROMPT_INJECTION]: The skill reads and processes the content of arbitrary documentation files across the codebase to extract references and commands. This creates a surface for indirect prompt injection, where malicious instructions embedded in documentation could influence the agent.
      ◦ Ingestion points: Processes any .md file found in the docs/ directory or the root folder (e.g., ARCHITECTURE.md, README.md).
      ◦ Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when parsing file content.
      ◦ Capability inventory: Employs Bash, Read, Glob, and Grep to search and evaluate file contents.
      ◦ Sanitization: Uses restrictive regex patterns (e.g., [a-zA-Z0-9_./-]+) for extraction, but the final output includes raw extracted shell commands and paths in a markdown report.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform discovery and validation with shell commands such as find, grep, jq, and git log. Although extracted paths are quoted and regex-filtered, executing shell logic derived from file content is an inherently sensitive operation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 1, 2026, 08:14 AM