The Agent Skills Directory

[PROMPT_INJECTION]: The skill is designed to ingest and analyze content from a local codebase, which constitutes a surface for indirect prompt injection if audited files contain malicious instructions. This risk is inherent to the primary function of the skill.
Ingestion points: Manifest files (e.g., package.json, pyproject.toml), source code files across the repository, and git diff outputs.
Boundary markers: None explicitly defined in the instructions to distinguish between legitimate code and malicious instructions during the audit process.
Capability inventory: Employs an exploration subagent and executes local shell commands (mkdir, bash, git) to interact with the file system and version control.
Sanitization: No specific sanitization or filtering logic is provided for external content before it is processed by the agent.
[COMMAND_EXECUTION]: The skill utilizes standard shell commands to manage internal state and retrieve codebase information.
Evidence: Instructs the agent to create state persistence directories using mkdir and to execute a local utility script (scripts/run-id.sh) to generate timestamps. It also performs repository analysis using common version control commands such as git status and git diff.

clean-with-fdd