Octolens

The skill bundle provides a legitimate client for the Octolens API. The `SKILL.md` instructions guide the AI agent on how to interact with the API, including handling API keys and constructing queries, without any evidence of prompt injection attempting to manipulate the agent into malicious behavior. The Node.js scripts (`scripts/*.js`) are straightforward API clients, making requests only to the documented `https://app.octolens.com/api/v1` endpoint, and do not attempt to access sensitive local files, exfiltrate data, or execute arbitrary code. The `allowed-tools: Node Read` permission is appropriate for executing the bundled Node.js scripts.