warden-sweep

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses multiple Python scripts that execute shell commands through subprocess.run. These commands include git for repository management and worktree creation, gh (GitHub CLI) for interacting with pull requests and issues, and warden for code analysis. These are legitimate operations required for the skill's functionality. Evidence found in scripts/_utils.py, scripts/scan.py, scripts/create_issue.py, and scripts/organize.py.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes repository content and tool-generated metadata.
      • Ingestion points: Repository files and findings from the warden analysis tool (scripts/scan.py, data/all-findings.jsonl).
      • Boundary markers: Absent; the templates in references/verify-prompt.md and references/patch-prompt.md interpolate finding data directly into instructions without strict delimiter-based separation.
      • Capability inventory: File system read/write access, git worktree manipulation, and GitHub PR/issue management via the gh tool.
      • Sanitization: Minimal; while finding IDs are sanitized for path safety, finding descriptions and titles are used directly in subagent prompts.
  • [EXTERNAL_DOWNLOADS]: The skill requires pre-installed system tools such as warden, uv, and gh. It does not perform unauthorized remote code downloads or execute scripts from untrusted external sources during runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 08:58 PM