The Agent Skills Directory

[SAFE]: A comprehensive audit of the skill instructions and associated documentation reveals no patterns of malicious behavior, data exfiltration, or unauthorized remote code execution.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool for legitimate operations including local git management (status, log, diff, commit) and running test suites. These actions are clearly defined and limited to the scope of development workflow automation.
[PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it processes task definitions from local markdown files. 1. Ingestion points: docs/devdocs/04-dev-tasks*.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, Edit, TodoWrite. 4. Sanitization: Absent. However, given the skill's primary purpose as a developer productivity tool, this ingestion is necessary and the risk is mitigated by the structured TDD process and human-in-the-loop checkpoints.
[SAFE]: The skill incorporates critical safety invariants, such as a mandatory check for clean worktrees and a strict policy of never pushing code to remote servers automatically.

devdocs-dev-workflow