best-practices

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows its stated purpose of auditing Angular code. All instructions and checklists are consistent with modern Angular development practices (signals, control flow, standalone components).
  • [COMMAND_EXECUTION]: The skill uses Bash(nx *) and Bash(wc *). These are legitimate tools in the Angular and Nx ecosystem used for build management and line counting, which are appropriate for a code auditing context.
  • [PROMPT_INJECTION]: There is a surface for indirect prompt injection as the skill processes untrusted source code provided in the $ARGUMENTS path. However, the risk is negligible as the skill lacks high-impact capabilities like network access or file-system writing.
    • Ingestion points: Untrusted code files read from the path provided at $ARGUMENTS (SKILL.md).
    • Boundary markers: None present.
    • Capability inventory: Read-only file access and restricted shell commands (nx, wc).
    • Sanitization: No sanitization is performed on the ingested code strings.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 12:33 PM