! Purpose & Capability
The skill's stated purpose is a narrow, analysis-only citation anchoring check (read a baseline JSONL and the DRAFT.md, then write a report). However, the bundle contains many pipeline definitions and sizeable tooling modules (tooling/*.py, pipelines/*.md, a 275kB quality_gate module, executor logic, etc.). That large pipeline/tooling footprint is disproportionate for a small regression check and suggests the skill is a general pipeline component rather than a minimal, single-purpose checker.
ℹ Instruction Scope
SKILL.md itself is well-scoped: it says 'analysis-only', 'Network: none', and describes reading output/DRAFT.md and the baseline JSONL and writing output/CITATION_ANCHORING_REPORT.md. However, the included code (tooling/executor.py) can run subprocesses (it constructs and runs repo_root/scripts/run.py) and reads/writes many workspace files. The instructions do not explicitly tell the agent to execute arbitrary scripts, but the bundled executor enables that behavior if used; this expands the runtime scope beyond the simple file comparison described in SKILL.md.
✓ Install Mechanism
No external install/downloads are declared (no install spec). The skill requires only a Python binary (python3 or python), which is appropriate for the included Python code. No third-party network downloads are present in the provided metadata.
✓ Credentials
The skill declares no required environment variables, no credentials, and no config paths. That aligns with the described purpose (local file analysis).
✓ Persistence & Privilege
The skill is not marked always:true and uses the platform default (agent-invocable/autonomous invocation allowed). It does not request to modify other skills or system-wide config in the provided files. Still, autonomous invocation combined with the executor's subprocess logic increases the potential blast radius if misused.
Scan Findings in Context
[subprocess.run] unexpected: tooling/executor.py uses subprocess.run to execute a script at repo_root/scripts/run.py and will capture stdout/stderr to logs. For a narrowly scoped citation-anchor check, executing repository scripts is not expected and expands the skill's runtime capabilities.
[writes_to_workspace_files] expected: The skill and bundled tooling perform file I/O (reading baseline JSONL and DRAFT.md, writing report files). File writes are expected for this purpose, but the toolkit includes wide-ranging helpers (atomic_write_text, update_status_log, backup_existing) that can modify many files in the workspace.
What to consider before installing
This skill's SKILL.md describes a safe, offline check (read baseline JSONL + DRAFT.md → produce an anchor report). However, the package includes a large pipeline/tooling codebase and an executor that can run repo scripts via subprocess.run. Before installing or enabling this skill:
1) Inspect repo_root/scripts/run.py (or confirm it does not exist), since that is the executable the bundle may call.
2) Review tooling/executor.py and any entrypoint scripts to understand what will be executed and which files will be touched.
3) If you only need the simple anchor check, consider extracting or running a minimal script that performs the JSONL vs DRAFT.md comparison rather than enabling the entire bundle.
4) Run the skill in a sandbox workspace with non-sensitive files first.
5) If you do enable autonomous invocation, prefer least-privilege workspaces and ensure no secrets or sensitive files are present, because the executor could execute repo-local scripts that perform broader actions.