The Agent Skills Directory

[SAFE]: The skill's operations are confined to the local project environment, using restricted tools like Read, Glob, and Grep to analyze existing documentation and configurations. No network operations, sensitive file access, or administrative privileges are requested.
[SAFE]: The skill has a surface for indirect prompt injection as it processes content from untrusted skill and agent files. However, the risk is negligible due to the absence of dangerous capabilities and the requirement for user interaction. Ingestion points: The skill searches and reads files located at skills/*/SKILL.md and .claude/agents/*.md. Boundary markers: There are no explicit delimiters or warnings to ignore instructions within the analyzed content. Capability inventory: Access is limited to Read, Glob, Grep, and AskUserQuestion. No shell, execution, or network tools are available. Sanitization: No explicit filtering or sanitization of ingested content is performed before analysis.

skill-preflight