The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local bash and python scripts (enumerate.sh, analyze_git_security.py, generate_svg.py) to analyze codebase statistics, git history, and generate diagrams. It also invokes external development toolchains like forge (Foundry) and npx hardhat to gather coverage data.
[EXTERNAL_DOWNLOADS]: Fetches a version file from the author's public GitHub repository (raw.githubusercontent.com/pashov/skills/main/x-ray/VERSION) to check for updates.
[PROMPT_INJECTION]: Indirect prompt injection surface exists because the skill ingests and processes user-provided Solidity source code. While the skill instructs subagents to perform objective fact extraction, malicious content within source files could theoretically attempt to influence the automated reporting phase.
Ingestion points: Solidity source files read during Step 2 in SKILL.md.
Boundary markers: The prompt explicitly instructs subagents to "Do NOT analyze — just extract facts."
Capability inventory: Shell command execution (bash, python3), file system writing, and subagent invocation.
Sanitization: No specific input sanitization or filtering of Solidity code content is detailed.

x-ray