php-modernization

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a well-structured and documented set of tools for PHP codebase modernization. It adheres to best practices and provides clear guidance for developers.
  • [COMMAND_EXECUTION]: The Python scripts introspect.py, verify_php_project.py, and modernize_loop.py utilize subprocess.run to call PHP binaries (e.g., php, phpstan, rector, php-cs-fixer). These calls are performed using lists and target standard executable paths within the project's vendor/bin or .Build/bin directories. This behavior is necessary and appropriate for the skill's functionality.
  • [DATA_EXPOSURE]: The skill reads project-specific configuration and source files. It does not perform unauthorized network transmissions or exfiltrate sensitive data. Security audits are performed locally via composer audit.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external code and configuration, which presents a surface for indirect prompt injection.
      • Ingestion points: PHP source files (src/, Classes/, tests/) and composer.json project metadata are processed for analysis and refactoring.
      • Boundary markers: Absent. The scripts do not use specific delimiters to isolate external content during analysis.
      • Capability inventory: The skill has the capability to write to the file system and execute shell commands through the identified PHP tooling binaries.
      • Sanitization: Absent. Content is processed as-is for static analysis and linting.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 01:32 PM