The Agent Skills Directory

[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze untrusted source code from a user's codebase.
Ingestion points: Migration files, application source code, and database configurations are read from the codebase_root using Read and mcp__hex-line__read_file tools.
Boundary markers: The skill does not implement explicit boundary markers or 'ignore embedded instructions' warnings when interpolating the contents of audited files into the agent's context.
Capability inventory: The skill has access to high-privilege tools including Bash for command execution and Write for generating reports.
Sanitization: The methodology relies on agent reasoning ('Two-Layer Detection') but lacks automated sanitization or filtering of the ingested code content.
[COMMAND_EXECUTION]: The skill uses the Bash tool to execute linters and audit commands during its initial scanning phase. While this is standard for a developer-oriented audit tool, executing shell commands based on inputs derived from the filesystem is a capability that requires monitoring.

ln-652-transaction-correctness-auditor