ln-654-resource-lifecycle-auditor

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill is designed for static analysis and reporting within a local development environment.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform initial repository scans and to execute internal management scripts located in the references/ directory. These operations are scoped to the project codebase and the designated runtime artifact directory.
  • [DATA_EXFILTRATION]: No network activity or exfiltration patterns were detected. The skill reads local code for auditing purposes and writes results to JSON and Markdown files within the .hex-skills/ directory. File path sanitization is implemented in the provided Node.js scripts to prevent path traversal.
  • [PROMPT_INJECTION]: The skill processes untrusted source code from a repository. While the instructions do not contain markers for direct injection, this data ingestion represents a potential surface for indirect prompt injection (Category 8).
    • Ingestion points: Codebase files read via hex-line and Grep (SKILL.md).
    • Boundary markers: The skill does not explicitly define XML-style or other boundary markers for untrusted content.
    • Capability inventory: File reading, local script execution via Bash, and report generation.
    • Sanitization: Filenames are sanitized for artifact storage, though the content being audited is interpreted by the agent's logic.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 06:29 AM