skills/boshu2/agentops/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill workflow relies on executing several local commands including git, ls, and third-party CLIs ao and bd. While these are used for information gathering, the ao and bd tools are non-standard dependencies not explicitly defined in the skill metadata.
  • [DYNAMIC_EXECUTION] (LOW): The scripts/validate.sh file utilizes eval to execute validation checks. Although the current implementation uses hardcoded strings, the use of eval is a poor security practice that could be exploited if the script's input source were expanded.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data (git commit messages, issue titles) and interpolates them into a 'Continuation Prompt' intended for future AI sessions.
      • Ingestion points: Data is pulled via git log, bd current, and ao ratchet (SKILL.md).
      • Boundary markers: None identified; untrusted content is placed directly into markdown templates.
      • Capability inventory: The skill has file-write capabilities (mkdir, redirecting output to .md files).
      • Sanitization: None. There is a theoretical risk that a malicious commit message could contain instructions designed to influence the agent in the subsequent session.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 17, 2026, 09:46 AM