artifact-analysis

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a comprehensive and non-overridable denylist in references/skip-patterns.md. This safety feature explicitly prevents the agent from reading sensitive paths such as .env files, .ssh/ directories, AWS credentials, and private keys, even if a user or calling skill explicitly requests them.
  • [SAFE]: The execution workflow is designed for transparency and auditability. It requires the agent to write a plan.md file before performing any analysis, which documents exactly which files will be scanned and which were excluded based on the skip patterns.
  • [SAFE]: All findings produced by the skill require path-anchored citations as defined in references/citation-schema.md. This ensures that all claims are derived from source documents and can be verified by the user, reducing the risk of hallucination or instruction override from scanned data.
  • [SAFE]: The skill is strictly defined as a local filesystem primitive. Its documentation explicitly states that it does not handle remote, paywalled, or authentication-gated network sources, effectively limiting the surface area for data exfiltration.
  • [SAFE]: Robust error-handling protocols in references/failure-modes.md ensure that any failed sub-tasks or unreadable files are explicitly recorded in a Gaps & Limitations section of the final report, preventing silent failures or context loss.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 12:41 PM