ln-741-linter-configurator

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a unified linting script (scripts/lint.sh), sets executable permissions using chmod +x, and executes it. It also runs package managers like npm, pip, and uv to install development dependencies. These actions are consistent with the skill's primary purpose of project environment configuration.
  • [EXTERNAL_DOWNLOADS]: In the event that local template files are missing, the skill is instructed to fetch them from the author's GitHub repository. This is a reference to a well-known service and the author's own infrastructure.
  • [REMOTE_CODE_EXECUTION]: The skill installs dependencies from public registries (NPM and PyPI). It explicitly instructs the agent to avoid version pinning and always install the latest versions. While standard for bootstrapping new projects, this behavior relies on the integrity of upstream package registries.
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes existing project configuration files, such as package.json or pyproject.toml, to determine the appropriate setup. This ingestion of local data represents a standard attack surface for indirect prompt injection, though the risk is mitigated by the skill's template-driven logic.
      • Ingestion points: Reads local project files including package.json, pyproject.toml, .editorconfig, and directory structures (SKILL.md, Phase 1).
      • Boundary markers: None explicitly defined for data ingestion.
      • Capability inventory: Subprocess calls for package managers, file-writing for config generation, and execution of generated shell scripts.
      • Sanitization: None detected for interpolated data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 03:01 PM