supply-chain-risk-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Executes the gh utility via bash to fetch dependency metadata such as star counts and issue status. This behavior is aligned with the skill's stated purpose of auditing supply chain health.
  • [DATA_EXFILTRATION]: Accesses local project files to identify dependencies. Data collected is used solely to generate a local markdown report within the workspace; no external exfiltration to non-whitelisted domains was detected.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata.
      1. Ingestion points: Dependency files and gh CLI output.
      2. Boundary markers: Absent.
      3. Capability inventory: Bash, Write, Read.
      4. Sanitization: Absent.
    The risk is minimized by the skill's specific purpose and use of a trusted security auditing workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:23 AM