The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch and run the metaharness package from the npm registry. This is standard behavior for CLI-based utility skills.
[COMMAND_EXECUTION]: Invokes the metaharness score command through a Bash subprocess to perform analysis on local file paths. The execution includes a 60-second safety timeout.
[PROMPT_INJECTION]: As the skill processes untrusted repository content to generate scores, it possesses a surface for indirect prompt injection where malicious code comments or file content could attempt to influence the agent's interpretation of the readiness report.
Ingestion points: Repository files at the user-provided <path> (analyzed by metaharness).
Boundary markers: None specified for the data processed by the external tool.
Capability inventory: Subprocess invocation (metaharness) via Bash.
Sanitization: No explicit sanitization of the target repository's content is mentioned in the skill definition.

harness-score