improve-codebase-architecture

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses system commands to open generated files via open, xdg-open, or start and interacts with the local environment using git and the GitHub CLI (gh) for repository exploration and issue creation.
  • [EXTERNAL_DOWNLOADS]: Generated HTML reports load JavaScript and CSS from external CDNs, specifically cdn.tailwindcss.com and cdn.jsdelivr.net.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the analyzed codebase, including ADRs, glossaries, and source files, to generate reports and issues. Ingestion points include file reads across the repository; capability inventory includes local file writes (temp reports) and GitHub issue creation; no explicit boundary markers or sanitization steps are defined for handling the external codebase content.
  • [DYNAMIC_EXECUTION]: The Mermaid diagram engine in the generated HTML reports is configured with securityLevel: "loose". This setting allows the rendering of HTML tags in labels, which could lead to browser-based script execution if module names or descriptions in the codebase contain malicious payloads.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 06:30 PM