review-scope-guard
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes a 'Plan Content Trust Contract' section that explicitly defines processed data (like implementation plans and commit messages) as inert. It instructs the agent to ignore any imperative commands found within this data, specifically mentioning 'ignore previous instructions' as an example of a directive to suppress.
- [CREDENTIALS_UNSAFE]: A 'Secret Hygiene' mechanism is implemented to detect and redact common secret patterns (e.g., API keys, JWTs, private keys) using regex overlays before any data is rendered to the user or stored in the rejected findings ledger.
- [EXTERNAL_DOWNLOADS]: The skill implements a 'fail-closed' security posture regarding external URLs. It explicitly blocks the fetching of remote plans to mitigate the risk of ingesting malicious content from untrusted sources.
- [DATA_EXFILTRATION]: No network operations or unauthorized data-transfer mechanisms were detected. The skill uses SHA-256 hashing to generate fingerprints for deduplication, so the original text of findings (which might contain sensitive information) is not persisted in the ledger.
- [INDIRECT_PROMPT_INJECTION]: Although the skill ingests untrusted data from implementation plans and review tools, it mitigates indirect prompt injection risks through a mandatory confirmation gate with digest binding and an inert-data contract.
Audit Metadata