The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a series of diagnostic shell commands and local helper scripts (e.g., effective_profile.py, compact_artifact.py) to analyze codebase structure, dependencies, and coding patterns. These operations are read-only and strictly constrained to the diagnostic workflow.
[EXTERNAL_DOWNLOADS]: The skill leverages 'npx' to execute utilities like 'madge' and 'depcheck' and utilizes official package manager security tools. These activities interact with well-known and trusted public registries (e.g., npmjs.com, go.dev) to perform vulnerability scanning and dependency analysis.
[PROMPT_INJECTION]: Imperative language is used throughout the instructions to ensure the agent follows the complex audit protocol. While the skill processes untrusted content from the codebase under audit (an indirect injection surface), its structured assessment framework and specialized diagnostic role mitigate the risk of following malicious instructions embedded in source files.
[DATA_EXFILTRATION]: The skill accesses project metadata and configuration files to evaluate security hygiene (e.g., scanning for hardcoded secrets or dangerous function calls). Findings are recorded locally in a 'HEALTH.md' artifact, and there is no evidence of data being transmitted to external servers or domains.

inspektera