NYC

code-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected. The skill is designed to ingest and process untrusted data from repository diffs and logs. Evidence Chain:
      1. Ingestion points: Files are read via git diff and git log in SKILL.md and scripts/review_checklist.py.
      2. Boundary markers: Absent; code content is processed directly by the agent.
      3. Capability inventory: Access to Bash, WebFetch, and subprocess execution.
      4. Sanitization: Absent.
  • [COMMAND_EXECUTION] (LOW): The skill utilizes shell commands to interact with the Git environment. Evidence: SKILL.md and scripts/review_checklist.py execute git commands. Risk: The use of f-strings to interpolate the base_branch variable into subprocess arguments in scripts/review_checklist.py (lines 16, 30, 44) allows for command flag injection if the branch name is manipulated.
  • [METADATA_RISK] (LOW): The skill defines opaque metadata hooks (self-improving-agent and session-logger) in SKILL.md that could lead to non-deterministic behavior or automated instruction updates based on processed code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:10 PM