repo-intake-and-plan

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes Python scripts for repository analysis (scripts/extract_commands.py and scripts/scan_repo.py). These scripts are limited to reading directory structures and file contents; they do not use subprocess, os.system, or other methods to execute the commands they identify.
  • [DATA_EXFILTRATION]: No network access or external communication methods were detected. The skill only interacts with the provided local repository path and produces structured text/JSON output.
  • [PROMPT_INJECTION]: The skill's instructions in SKILL.md and references/repo-scan-rules.md focus exclusively on repo reproduction workflows and do not contain attempts to bypass safety filters or override agent behavior.
  • [SAFE]: Indirect Prompt Injection Surface: The skill ingests untrusted data from external README files to extract commands. However, the risk is mitigated by the skill's lack of execution capabilities and its conservative planning-only design.
      ◦ Ingestion points: scripts/extract_commands.py (reads README text) and scripts/scan_repo.py (scans directory contents).
      ◦ Boundary markers: The skill enforces clear boundaries in SKILL.md and produces structured JSON output to help orchestrators distinguish data from instructions.
      ◦ Capability inventory: Analysis confirms no subprocess calls, file-write operations, or network requests across all scripts.
      ◦ Sanitization: extract_commands.py uses specific regex patterns and keyword whitelists to classify commands, preventing arbitrary prose from being treated as executable code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 09:48 AM