The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes Node.js scripts (bpa-findings-helper.js, bpa-local-parser.js, unified-collection-reader.js) to parse and manage migration targets from CSV and JSON files. These scripts operate locally on the file system within the IDE workspace and do not spawn external shell commands with unsanitized input.
[CREDENTIALS_UNSAFE]: A specialized workflow for OSGi configuration migration (osgi-cfg-json-cloud-manager.md) explicitly instructs the agent to identify secrets (passwords, API keys) and move them to a git-ignored local handoff file. It strictly forbids printing these secrets in the chat, demonstrating a robust security posture for credential management.
[EXTERNAL_DOWNLOADS]: The skill provides functionality to fetch migration targets from Adobe's Cloud Adoption Manager (CAM) via an MCP tool. This integration is limited to authenticated project discovery and requires explicit user confirmation of project IDs before any network activity occurs.
[PROMPT_INJECTION]: The SKILL.md file defines clear operational boundaries, restricting file access and searches to the current IDE workspace root. It mandates a one-pattern-per-session workflow and requires user approval before processing data batches, mitigating the risk of automated instruction overrides or scope creep.
[DATA_EXFILTRATION]: Analysis of the included scripts and instructions confirms that data processing is restricted to the local workspace and official MCP endpoints. There are no patterns suggesting unauthorized exfiltration of codebase, credentials, or environment data.

migration