The Agent Skills Directory

[COMMAND_EXECUTION]: The skill directs the agent to run various command-line tools including composer for dependency management, php artisan for cache and configuration management, and the rector binary for code processing. These commands modify the local system state and project environment.
[EXTERNAL_DOWNLOADS]: To perform the upgrade, the skill requires downloading external PHP packages rector/rector and driftingly/rector-laravel from public repositories. These tools are not pre-installed in the agent environment and are fetched at runtime.
[REMOTE_CODE_EXECUTION]: By installing and executing the Rector tool and its associated rulesets, the agent is running third-party code within the user's project context. Additionally, the skill involves configuring a rector.php file (a PHP script) which is subsequently executed to apply code transformations.
[PROMPT_INJECTION]: The skill processes untrusted project data which creates a surface for indirect prompt injection.
Ingestion points: Local project files such as composer.json, composer.lock, and rector.php are read to analyze the current project state.
Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious embedded instructions when reading these files.
Capability inventory: The agent possesses capabilities to execute shell commands, modify project files, and run the project's test suite via composer test.
Sanitization: The skill does not implement validation or sanitization of the content within project files before using that data to drive the automated refactoring process.

laravel-update-with-rector