Gen Agent Trust Hub audit of skill pr-prep (skills/boshu2/agentops/pr-prep)

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE (categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (LOW): The skill has an attack surface where malicious data in a repository could influence agent behavior.
    1. Ingestion points: Reads data from git log and git diff (SKILL.md, case-study-historical-context.md).
    2. Boundary markers: Absent; git outputs are interpolated directly into generated descriptions.
    3. Capability inventory: Execution of build/test tools and network-enabled submission via gh pr create.
    4. Sanitization: No validation or escaping of external content before processing.
  • Command Execution (SAFE): The skill uses local subprocesses (npm, go, pytest) for their intended purpose of validating code before submission. The validation script validate.sh uses eval for routine environment checks.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access (e.g., SSH keys), or unauthorized network exfiltration patterns were detected.
  • Prompt Injection (SAFE): The skill does not contain instructions to bypass agent safety filters or override system-level constraints.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 20, 2026, 01:19 AM