The Agent Skills Directory

[SAFE]: No malicious patterns detected. The skill performs legitimate project management tasks by executing a local score calculation script and formatting the output JSON into a report.
[COMMAND_EXECUTION]: The skill executes python scripts/readiness.py to compute project readiness. This is a core functional requirement of the skill and is performed locally within the project environment.
[EXTERNAL_DOWNLOADS]: The skill mentions installation of dependencies via scripts/requirements.txt. This is standard practice for managing Python dependencies in extension-based skills.
[PROMPT_INJECTION]: The skill processes data from status/readiness.json and interpolates it into a report template without explicit boundary markers or sanitization, creating a potential surface for indirect prompt injection.
Ingestion points: status/readiness.json (read via cat in Step 2 of SKILL.md).
Boundary markers: Absent; extracted JSON values are directly inserted into the markdown reporting template.
Capability inventory: The skill has access to Bash (command execution), Read, Glob, and Grep tools.
Sanitization: No validation or sanitization of the JSON content is described before outputting to the user.

ghm-gate-check