Refactor Planner

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is passive code analysis. It directs the agent to identify patterns such as deeply nested conditionals, magic numbers, and duplicated logic to generate a markdown-formatted report.
  • [SAFE]: The instructions explicitly state that the agent should only generate a plan and 'not rewrite the code yet', which prevents unintended automated modifications to the codebase.
  • [SAFE]: No network operations, credential access, or third-party package dependencies are present in the skill definition.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external code files, which constitutes a potential injection surface if the code contains malicious instructions. However, the risk is mitigated by the skill's limited capability (analysis only) and the lack of automated execution or exfiltration channels. This is consistent with the skill's intended purpose as a developer tool.
  • Ingestion points: Code provided via chat or read from local file paths specified by the user.
  • Boundary markers: None present.
  • Capability inventory: File system read access for code analysis. No file writing or network capabilities are invoked by these instructions.
  • Sanitization: None present.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 05:57 AM