checking-code-quality

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs local static analysis of code files to identify quality issues. All operations are confined to the local file system, and no network access or data exfiltration behaviors were found.
  • [COMMAND_EXECUTION]: The skill executes its logic via a Node.js script provided within the package. This is the intended behavior for scanning local source code directories.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it reads untrusted source code and includes portions of it in a report for the agent.
    1. Ingestion points: scripts/quality_checker.js reads file contents via fs.readFileSync.
    2. Boundary markers: The output report does not use explicit boundary markers to separate code snippets from instructions.
    3. Capability inventory: The skill is configured with Bash, Read, and Glob tools.
    4. Sanitization: No sanitization is performed on identifiers extracted from scanned code before inclusion in the report.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 02:55 PM
Security Audit — agent-trust-hub — checking-code-quality