The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The script scripts/audit.js employs dynamic path resolution to locate its installation root and load utility modules. It resolves _pluginRoot by checking the PLUGIN_ROOT environment variable and walking up the directory tree until it finds specific marker files (.claude-plugin/plugin.json). This dynamically computed path is then used in require() calls to load internal helper functions. While intended for portability, dynamic loading from computed paths is a technique that warrants monitoring.
[PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface (Category 8) by reading and processing external data from the audited repository.
Ingestion points: The skill reads README.md and feature documentation files in docs/features/ using readFileSafe.
Boundary markers: There are no explicit delimiters or instructions for the agent to ignore potentially malicious content within these files.
Capability inventory: The skill can execute shell commands and suggests follow-up actions (commands like /update-docs) based on the audit results.
Sanitization: The script uses regular expressions to extract specific metrics (e.g., checkbox completion) rather than constructing prompts from raw text, which significantly mitigates the risk.
[COMMAND_EXECUTION]: The skill instructions in SKILL.md involve executing a local shell script scripts/run-skill.sh to trigger the audit process. The audit script further uses system commands to perform ecosystem detection and verify the presence of toolchains (e.g., git repo root detection). The content of the wrapper script scripts/run-skill.sh was not provided for analysis.

project-audit