The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a local Node.js script located at references/scripts/docs-quality/cli.mjs to perform manifest building, document verification, and quality reporting. These operations are restricted to the filesystem and are consistent with the skill's purpose as a documentation validator.
[PROMPT_INJECTION]: The skill instructions include phrases such as 'MANDATORY READ' and 'CRITICAL Rules'. These are used for operational guidance to the agent and do not attempt to bypass safety filters or override the agent's core identity.
[DATA_EXFILTRATION]: No evidence of network operations or attempts to exfiltrate data. File access is limited to the project directory for documentation management purposes.
[INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from project files (e.g., README.md, ARCHITECTURE.md) during the Phase 0 cleanup and Phase 3 global cleanup.
Ingestion points: Reads project files matching patterns in references/legacy_detection_patterns.md and all markdown files in the docs/ directory.
Boundary markers: The instructions do not explicitly require the use of boundary markers (like XML tags) when the agent processes the extracted documentation facts.
Capability inventory: The agent has capabilities to modify the filesystem (Edit tool) and invoke other worker skills (Skill tool).
Sanitization: There is no mention of sanitizing or escaping the extracted content before it is used in subsequent prompts or written to new files. However, given the context of a documentation tool, this risk is considered low.
[SAFE]: The skill provides templates and scripts for a 'NO_CODE' documentation approach, emphasizing structured data (tables, ASCII) over implementation code blocks.

ln-100-documents-pipeline