The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/generate_report.py executes local bundled Python scripts (detect_framework.py, analyze_structure.py, analyze_dependencies.py) using the subprocess module. This is the intended design for aggregating analysis results. The commands are passed as argument lists, which prevents shell injection vulnerabilities.
[DATA_EXPOSURE]: The skill identifies the presence of configuration and environment files (e.g., .env, package.json, tsconfig.json) to map the project's technical stack. The analysis only reports on the existence and paths of these files; it does not read or expose sensitive secrets contained within them.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted project data (file contents and directory names) and includes them in a Markdown report. While there are no explicit delimiters or sanitization for the generated report content, this is a standard risk for document-processing tools and is consistent with the skill's primary purpose.

project-reader