improve-codebase-architecture

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses platform-specific commands such as xdg-open, open, or start to automatically open the generated architectural review report in the user's default browser.
  • [EXTERNAL_DOWNLOADS]: Reports generated by the skill reference external JavaScript libraries from well-known providers, including Tailwind CSS (via cdn.tailwindcss.com) and the Mermaid diagramming library (via cdn.jsdelivr.net).
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to ingest and process content from arbitrary project files (ADRs, glossaries, and source code) without implementing boundary markers or sanitization.
  • Ingestion points: Systematically reads source code and documentation files throughout the project directory to identify architectural patterns.
  • Boundary markers: None identified; the agent is not provided with delimiters to separate its core instructions from the data found in the files it analyzes.
  • Capability inventory: The skill can write files to the system's temporary directory, execute shell commands to open those files, and spawn sub-agents for concurrent exploration and design tasks.
  • Sanitization: No sanitization is applied to codebase content before it is processed or included in the HTML report. The report specifically configures the Mermaid library with securityLevel: "loose", which could enable cross-site scripting (XSS) if malicious content from the codebase is rendered as part of a diagram.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 06:02 AM
Security Audit — agent-trust-hub — improve-codebase-architecture