The Agent Skills Directory

[DATA_EXFILTRATION]: The skill is instructed to read the .git/config file during its exploration phase. This file is used to discover repository settings such as remote URLs and tracker types. However, .git/config is a sensitive file that may contain access tokens or credentials if HTTPS remotes are configured with embedded secrets.
[PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection (Category 8) by processing untrusted data from the local repository (e.g., project documentation and CI configurations) to generate configuration suggestions.
Ingestion points: The skill reads repository-local files such as AGENTS.md, CLAUDE.md, CONTEXT.md, docs/adr/, and CI configuration files from the .github/workflows/ directory as described in SKILL.md.
Boundary markers: There are no explicit boundary markers or instructions to ignore embedded instructions within the processed repository files.
Capability inventory: The skill has file-writing capabilities, specifically for creating documentation in docs/agents/ and proposing modifications to core agent instruction files like CLAUDE.md or AGENTS.md.
Sanitization: The skill does not perform specific sanitization or validation on the content discovered in the repository before incorporating it into the proposed configuration blocks.

candango-setup