yy-frontend-vue2-review

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It reads and analyzes code files from the src directory which are considered untrusted input. Maliciously crafted comments or strings within these files could attempt to override the agent's instructions (e.g., instructing the agent to ignore errors or approve malicious code).
  • Ingestion points: The skill uses git diff and the read tool to ingest file content from the src directory during Phase 2 of the workflow.
  • Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are used when interpolating file content into the analysis context.
  • Capability inventory: The agent has the ability to use the edit tool to modify files and call an external skill yy-frontend-commit to finalize changes.
  • Sanitization: There is no evidence of sanitization or filtering of the file content before it is processed by the LLM.
  • [COMMAND_EXECUTION]: The skill runs shell commands via the git tool (git diff --name-only HEAD and git diff --cached --name-only) to identify changed files. These are standard operations for a code review tool and a standard risk for development tools, but they are still a surface for potential command injection if file names or repository state are maliciously manipulated.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 06:37 AM