analyze-project

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from third-party repositories. Malicious instructions embedded in a repository's documentation or code comments could influence the agent's interpretation when it reviews the generated analysis reports.
      • Ingestion points: The target repository files are read by scripts/analyze_project.py during the scanning process.
      • Boundary markers: The instructions in SKILL.md and references/analysis-policy.md explicitly direct the agent to maintain a conservative, read-only, and "low-ego" stance.
      • Capability inventory: The skill is limited to file system reads of the repository and file system writes to the analysis_outputs directory.
      • Sanitization: The script performs structural extraction using the ast module but does not sanitize natural language content found within scanned files.
  • [SAFE]: The Python script scripts/analyze_project.py implements secure practices such as using yaml.safe_load for parsing configuration files. It performs read-only operations on the target repository and restricts output to a designated directory. While the script does not explicitly check for symlinks that might point outside the repository root, this is considered a minor implementation detail for this type of research tool and does not represent a malicious pattern.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 05:19 AM