project-understanding
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several third-party analysis tools that are downloaded and installed via standard package managers like npm, pip, go, and cargo. These include well-known utilities such as escomplex, radon, lizard, and pip-audit.
- [COMMAND_EXECUTION]: The skill involves running numerous shell commands to analyze project structure, dependencies, and code complexity. This includes the use of grep, find, and various language-specific analysis CLIs.
- [PROMPT_INJECTION]: Surface for indirect prompt injection identified. The skill is designed to process external, potentially untrusted project data.
  - Ingestion points: Root directory scan, reading of configuration files (e.g., package.json, requirements.txt), and source code analysis (SKILL.md Capabilities 1, 2, 5).
  - Boundary markers: Absent. No instructions are provided to the agent to distinguish between its own logic and data found in the analyzed codebase.
  - Capability inventory: Shell command execution via multiple analysis tools is present across all reference files and main instructions.
  - Sanitization: Absent. The skill does not define methods for validating or escaping content from the analyzed files before using it in commands or analysis.
Audit Metadata