sap-object-documenter

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a suite of SAP-specific tools, including SAPRead, SAPSearch, SAPContext, and SAPLint, to interact with the SAP environment. It also uses a file system Write tool to save Markdown documentation to a local 'docs/' directory. These actions are strictly aligned with the skill's stated purpose of documenting custom ABAP code.
  • [EXTERNAL_DOWNLOADS]: The instructions reference an external MCP tool, 'mcp-sap-docs', which is used to enrich documentation with business context by searching for SAP application component descriptions. This is a functional dependency for documentation enrichment.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface, as it ingests untrusted data in the form of ABAP source code via SAPRead. This data is then summarized and written to the local file system using the Write tool. While the instructions mandate no explicit boundary markers or sanitization steps to separate the untrusted source code from the agent's generation process, the risk is considered low because the primary output is static documentation stored locally.
  • [DATA_EXFILTRATION]: Although the skill accesses potentially sensitive SAP source code and metadata, its operations are confined to reading from the SAP system and writing to the local workspace. No unauthorized network operations or exfiltration to non-whitelisted domains were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 02:04 PM
Security Audit — agent-trust-hub — sap-object-documenter