skills/ggwicz/skills/tidy-project/Gen Agent Trust Hub

tidy-project

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The test runner tests/run-tests.sh downloads the bats-core testing framework from its official GitHub repository (github.com/bats-core/bats-core.git). This is a well-known service and the resource is used exclusively for testing purposes.
  • [COMMAND_EXECUTION]: The skill utilizes a shell script scripts/collect-git-signals.sh to extract project metadata from the local git history. The script uses standard POSIX-compatible utilities and demonstrates safe handling of filenames and dates derived from the repository.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it processes untrusted source code and git history during the audit. Malicious instructions embedded in the audited project could attempt to influence the findings of the analysis sub-agents. This is an inherent risk of analysis tools, and the skill mitigates it by employing a multi-step workflow with independent 'Adversarial Review' agents designed to challenge and verify results.
  • [DATA_EXPOSURE]: The skill reads project source files and git metadata to perform its audit. All outputs and recommendations are stored locally within the .agents/tidy/project/ directory at the repository root, ensuring that analysis data remains within the user's environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 01:57 AM