The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to perform repository analysis and delivery tasks.
Evidence: Runs git rev-parse, wc -l, and environment detection in Phase 0.
Evidence: Uses the gh (GitHub) CLI to create branches, push commits, and open pull requests with inline comments in the PR Delivery phase.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests user-controlled configuration files and passes their content to subagents for analysis.
Ingestion points: Reads CLAUDE.md, .claude/rules/*.md, and various .json configuration files from the project environment.
Boundary markers: The prompt for audit subagents interpolates file content (e.g., first 200 lines of CLAUDE.md) without explicit sanitization or delimiters to prevent embedded instructions from influencing the agent's logic.
Capability inventory: The skill can execute Bash commands (git, gh), write to local files, and spawn sub-tasks.
Sanitization: No specific sanitization or filtering of the ingested content is mentioned before it is passed to the audit agents.
[EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch official technical documentation.
Evidence: Research subagents are instructed to fetch documentation from https://docs.anthropic.com for settings, permissions, memory, and best practices.
Context: These operations target a well-known service (Anthropic) and are used to build the 'Expert Context' required for the audit.

claudit