skills/ninehills/skills/impeccable/Gen Agent Trust Hub

impeccable

Fail

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes functionality to persistently modify the AI agent's own execution environment. Specifically, scripts/pin.mjs writes new skill definition files (SKILL.md) to harness-specific configuration directories such as .claude/skills and .cursor/skills. Additionally, scripts/cleanup-deprecated.mjs performs recursive deletions (rmSync) of directories within these configuration folders.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes npx impeccable to execute code from the npm registry at runtime. It also manages a local server (scripts/live-server.mjs) that is capable of spawning arbitrary sub-processes and executing shell commands on the host system.
  • [DATA_EXFILTRATION]: The iteration server started by scripts/live-server.mjs provides endpoints to read raw project source files (/source) and upload images (/annotation), which allows project data to be handled by a local network process.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by ingesting untrusted project files.
      • Ingestion points: scripts/load-context.mjs reads PRODUCT.md and DESIGN.md into the agent context.
      • Boundary markers: Absent; files are read and processed as raw text without delimiters.
      • Capability inventory: The skill has extensive capabilities including writing and deleting configuration files (scripts/pin.mjs, scripts/cleanup-deprecated.mjs), spawning processes, and running a network server.
      • Sanitization: Absent; content from project files is interpolated directly into instructions.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to fetch and run tools from the external npm registry using the npx command.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 7, 2026, 05:57 PM