smart-bug-fix

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bash script that triggers several CLI tools including npx, claude-flow, gemini, and codex. It also utilizes standard Unix utilities like find, xargs, and awk on user-provided directory paths.
  • [EXTERNAL_DOWNLOADS]: The workflow uses npx to invoke claude-flow. This may trigger downloads from the npm registry if the package is not cached locally.
  • [REMOTE_CODE_EXECUTION]: The skill implements an automated fixing loop using codex --full-auto and npx claude-flow functionality-audit. While the skill attempts to mitigate risk using --sandbox true and --network-disabled flags, it involves the autonomous generation and execution of code logic derived from AI models.
  • [DATA_EXFILTRATION]: Codebase content and error logs are transmitted to external AI providers (Claude, Gemini, and Codex) for analysis. This is required for the skill's functionality but involves moving potentially sensitive local data to third-party services.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data via bug_description and error_logs without sanitization or explicit boundary markers. This data is interpolated directly into analysis tools, which could potentially influence the resulting bug fixes or analysis reports.
      • Ingestion points: Inputs defined in SKILL.md (bug_description, error_logs) are processed by analysis scripts.
      • Boundary markers: No explicit delimiters are used when passing user input to tools like gemini or claude-flow.
      • Capability inventory: Filesystem writes and automated code execution via the codex and claude-flow tools.
      • Sanitization: The skill relies on the underlying tools for sanitization; none is performed within the provided script.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 2, 2026, 07:19 AM