claude-md-starter

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill follows a structured workflow for repository scanning and file generation with built-in validation steps and a diff-and-merge flow to protect existing content.
  • [PROMPT_INJECTION]: The skill ingests data from untrusted local files (e.g., README.md, package.json) to generate documentation. While this presents a surface for indirect prompt injection, the risk is inherent to the skill's purpose and the output is limited to a markdown file.
      • Ingestion points: Node 2 reads various project configuration and documentation files as specified in references/scan-signals.md.
      • Boundary markers: The skill does not implement specific delimiters to isolate scanned content from its internal instructions.
      • Capability inventory: The skill is limited to reading repository files and writing to CLAUDE.md.
      • Sanitization: Node 6 performs output validation to ensure the generated content meets quality gates and does not contain placeholders.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 24, 2026, 03:05 PM