Workspace Anchor
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is classified as suspicious due to significant prompt injection risks in its agent instructions and its use of shell command execution. Both SKILL.md and README.md explicitly instruct the AI agent to use `exec`, `find`, or `ls` to locate files, granting broad shell execution capabilities. While the stated purpose is benign (finding `.project-lock` files), this instruction creates a vulnerability where a malicious follow-up prompt could leverage the granted capability for unauthorized actions. Additionally, the Node.js code in `lib/discover.js` and `lib/validate.js` uses `child_process.execSync` to run system commands such as `find` and `cat`/`grep`/`sed` and to interact with an external `project-enforcer.sh` script; this usage, while quoted, represents powerful execution capabilities.
