scan-codebase-health

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a project-local Python script (.claude/scripts/code_graph) to identify unused exports and orphan files by querying a code graph database.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it reads and processes the content of various files within the codebase (documentation, configuration, and source code).
    • Ingestion points: Content is read from docs/project-config.json and files within the configured source and documentation paths.
    • Boundary markers: Not used. Content from external files is processed without explicit delimiters or instructions to ignore embedded agent commands.
    • Capability inventory: The agent has the ability to execute shell commands (Python scripts) and write files to the project directory.
    • Sanitization: No sanitization or validation is performed on the data extracted from the scanned files before it is processed by the agent.
  • [PROMPT_INJECTION]: The instructions employ strong emphasis markers such as 'IMPORTANT MUST ATTENTION' to define operational constraints and output formatting, which is a common technique for guiding agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:25 AM