The Agent Skills Directory

[SAFE]: The skill's primary purpose is code quality enforcement. All scripts (main.cjs, pre-execute.cjs, post-execute.cjs) perform benign tasks such as argument parsing, metric recording, and input validation with no evidence of network exfiltration or unauthorized file access.
[PROMPT_INJECTION]: The skill processes project source code (**/*.ts), which constitutes a typical surface for indirect prompt injection. While malicious content in analyzed files could attempt to influence the agent, the skill does not exhibit any active vulnerabilities beyond this inherent risk.
Ingestion points: TypeScript source files within the project directory.
Boundary markers: Absent; the instructions do not define specific delimiters for separating untrusted code from analysis instructions.
Capability inventory: The skill utilizes Read, Write, and Edit tools to perform its intended functions.
Sanitization: No content sanitization is performed on the ingested code before analysis.
[COMMAND_EXECUTION]: The SKILL.md contains a reference to cat .claude/context/memory/learnings.md within a documentation block. This is a standard practice for agent memory management and does not constitute a malicious command injection or unauthorized access to sensitive system files.

form-validation-with-zod