infrastructure-audit

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION · PROMPT_INJECTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions include bash scripts that dynamically determine the installation directory and use standard tools such as grep and find to scan project files for security issues such as hardcoded secrets.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because its primary purpose is to ingest and analyze untrusted project infrastructure configurations.
      • Ingestion points: The agent reads all project files except those under the .context/ directory (Step 1.1).
      • Boundary markers: Explicit instructions tell the agent to ignore all files in the .context/ directory so that the framework itself is neither audited nor able to influence the audit.
      • Capability inventory: The skill can execute shell commands (grep, find, bash) and write detailed reports to the local file system (.context/outputs/).
      • Sanitization: No explicit sanitization logic is defined for external project content before the agent processes it.
  • [EXTERNAL_DOWNLOADS]: The skill references official security documentation from trusted sources, including Docker (docs.docker.com) and Kubernetes (kubernetes.io), as the knowledge base for its audit logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 11:52 PM
Security Audit — agent-trust-hub — infrastructure-audit