workflow-improvement

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION

Full Analysis

- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through several data ingestion points.
  • Ingestion points: Processes untrusted data from git log (commit messages), /skill-logs (runtime error messages), and /review-room (stored community lessons) in Step 0 and Step 1.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when presenting this data to the agent for analysis.
  • Capability inventory: The skill possesses high-privilege capabilities including Bash for command execution and Edit for modifying source code in the plugins/sanctum/ directory.
  • Sanitization: There is no evidence of sanitization or filtering of the ingested log and commit data before it is used to generate workflow improvements in Step 3.
- [DATA_EXFILTRATION]: The skill exports session-derived data to an external public platform.
  • Evidence: Step 7.2 instructs the agent to post 'tooling learnings' to a public GitHub Discussions page at https://github.com/athola/claude-night-market/discussions.
  • Context: While this targets the vendor's repository, posting session artifacts (tool calls, errors, artifacts touched) to a public forum may inadvertently expose sensitive environment details or proprietary logic if not carefully reviewed by the user.
- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to interact with the system and external APIs.
  • Evidence: Executes numerous local CLI tools (/skill-logs, pensive:skill-review, /review-room, /validate-plugin) and standard system commands (git, python3, gh).
  • Risk: The automated issue creation logic in modules/auto-issue-creation.md handles external strings (like titles and descriptions) that could lead to command injection if not strictly validated by the platform, although shell quoting is present.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 11:27 PM