The Agent Skills Directory

[SAFE]: The skill is a legitimate tool for code refactoring and alignment. It follows established development patterns and includes safeguards against unintended modifications.\n- [COMMAND_EXECUTION]: The skill utilizes local shell commands (git diff, git commit) and development tools (test runners, secret scanners) as described in SKILL.md and references/checklist.md. These operations are scoped to the project and occur within a user-approved workflow.\n- [DATA_EXFILTRATION]: The skill includes logic to detect and remediate the exposure of sensitive data, such as hardcoded API keys and credentials, by moving them to environment variables. This is a defensive security feature.\n- [PROMPT_INJECTION]: The skill manages the surface for indirect prompt injection from analyzed repository code through a structured triage process and human-in-the-loop confirmation for bulk changes. Evidence Chain: 1. Ingestion points: Sampling repository files and git diffs (referenced in SKILL.md and references/conventions.md). 2. Boundary markers: Absent in skill instructions. 3. Capability inventory: Local command execution (tests, scanners) and file writes (referenced in SKILL.md and references/checklist.md). 4. Sanitization: Not specified.

best-practice