doc-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate architecture documentation tasks, such as parsing user arguments, exploring the codebase for structural insights, and writing documentation files to the local directory.
  • [DATA_EXFILTRATION]: No network access is requested or used. The allowed-tools list is restricted to file manipulation and internal skill invocation, preventing data from being sent to external servers.
  • [REMOTE_CODE_EXECUTION]: The skill invokes other internal skills (c4-documentation and arc42-documentation) for specialized formatting, which is a standard modular design. No external scripts or unverified remote packages are downloaded or executed.
  • [COMMAND_EXECUTION]: File analysis is performed using benign tools (Glob, Grep, Read). While the skill writes to the file system, it targets a specific docs/architecture/ directory and does not attempt to modify system configuration files or sensitive user data.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads untrusted data from the codebase (e.g., source code, config files) and incorporates it into documentation. However, this is inherent to its primary purpose, and the skill lacks the high-risk capabilities (like network access) required to weaponize such an injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 05:04 AM