The Agent Skills Directory

[COMMAND_EXECUTION]: The quality criteria defined in references/quality-criteria.md instruct the agent to cross-reference documentation by 'actually' running the documented commands. This pattern is inherently risky as it encourages the execution of arbitrary shell commands extracted from potentially untrusted markdown files within the repository.
[PROMPT_INJECTION]: The skill ingests content from external CLAUDE.md files across a repository to evaluate their quality, creating an indirect prompt injection surface (Category 8).
Ingestion points: The skill uses find and Read tools to ingest content from CLAUDE.md, .claude.md, and .claude.local.md files (as defined in SKILL.md).
Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat the content of these files as untrusted or to ignore any embedded instructions.
Capability inventory: The agent possesses the Bash tool (allowing shell execution) and the Edit tool (allowing file system modifications).
Sanitization: No sanitization or validation logic is present to filter malicious instructions or dangerous commands found within the audited files before processing them.

claude-md-improver