The Agent Skills Directory

[COMMAND_EXECUTION]: The skill invokes shell commands such as grep, find, ls, and wc to perform architectural analysis on the target codebase. This includes scanning for specific patterns in source files (e.g., fs.write, MemoryStore, process.env) and searching for deployment-related artifacts like Dockerfile and .env files.
[COMMAND_EXECUTION]: The skill performs targeted searches for sensitive configuration files, specifically .env patterns, and hardcoded secrets using regular expressions as part of its assessment of configuration externalization. This access is intended for reporting purposes and is scoped to the project being analyzed.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external, untrusted source code during its assessment phase. Content from the analyzed files is processed to calculate readiness scores and generate a summary report, which could allow malicious instructions in the source code to influence the agent's behavior.
Ingestion points: Files located within the project directory being assessed, including source code, package manifests, and configuration files.
Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from potentially obeying commands found within the analyzed project files.
Capability inventory: Execution of filesystem analysis tools (find, grep, ls) and the ability to trigger external skill invocations (e.g., /dockerfile).
Sanitization: No evidence of input validation or content sanitization for the data retrieved from the target project.

cloud-native-readiness