develop-clean-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized network operations were detected across the 81 analyzed files.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform code verification using project-native commands like npm run typecheck, npm test, and tsc --noEmit. These are standard development workflows for auditing and refactoring TypeScript codebases.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a potential attack surface for indirect prompt injection because it processes external source code provided by the user.
    • Ingestion points: Files from the user's project (tsconfig.json, source files, project structure) are read into the agent's context during the 'Reviewing' and 'Implementing' phases.
    • Boundary markers: The skill defines explicit 'Guardrails' in SKILL.md to constrain agent behavior, though it does not use specific delimiters for user-provided code.
    • Capability inventory: The agent is authorized to write code, run shell commands for testing (npm test, tsc), and analyze project structure.
    • Sanitization: No explicit sanitization of the input code is mentioned; the skill relies on the LLM's inherent safety filters and the architectural constraints provided in the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 04:42 PM