The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute a wide variety of shell commands for file discovery and analysis, including ls, cat, grep, find, and wc. It also invokes project-level build and test tools like npm, pytest, and go test which execute code defined within the analyzed project.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it performs analysis on untrusted data from the codebase.
Ingestion points: Reads external content from local files such as README.md, source code in src/, package.json, and CI/CD configuration files.
Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the processed files.
Capability inventory: Significant capability to execute shell commands, run project test suites, and interact with the mcp_codebase_memory MCP tool.
Sanitization: Absent. File contents are read and processed directly without validation or escaping.
[DATA_EXPOSURE]: The workflow includes searching for and reading sensitive configuration files such as .env and *.config.*, and specifically audits the codebase for hardcoded secrets. While this is a common auditing task, it involves the agent handling potentially sensitive credentials.

understand-codebase