widget-migrate

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs Bash scripts and command-line utilities such as awk, git, and glob to automate the detection of widget types and the resolution of source code paths.
      • Evidence: Scripts in operations/detect-widget-type.md and operations/resolve-widget-source.md use shell commands to inspect the filesystem and verify repository availability.
  • [EXTERNAL_DOWNLOADS]: The skill performs repository cloning from an internal GitHub Enterprise instance to ensure that the required legacy source code is available for analysis.
      • Evidence: operations/resolve-widget-source.md includes logic to execute 'git clone' from internal domains like ghe.coxautoinc.com.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes legacy source code to generate high-level technical specifications and implementation stories.
      • Ingestion points: The skill reads Velocity templates (.vm), Groovy scripts, and XML/JSON configuration files (e.g., portlet-portlets.xml, prefs.json) from the local filesystem.
      • Boundary markers: The pipeline does not specify the use of clear delimiters or instruction-ignore warnings when processing the content of these files for output generation.
      • Capability inventory: The skill has the capability to write and edit files (allowed-tools: Write, Edit), which are used to produce implementation epics and specs based on the analyzed data.
      • Sanitization: No explicit sanitization or filtering mechanisms are described to prevent instructions embedded within legacy code from influencing the agent's migration output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:28 PM