fix-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external review data from markdown files to determine and implement code changes. This structure provides a surface for indirect prompt injection, where malicious instructions embedded in a PR review could attempt to hijack the agent's behavior during the remediation phase.
- Ingestion points: Scoped issue files and PRD review round directories located under tasks/prd-<name>/reviews-NNN/ as specified in SKILL.md.
- Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the processed issue files.
- Capability inventory: The skill has the authority to modify repository source code and execute arbitrary shell commands via the repository's verification workflow.
- Sanitization: Absent; the workflow does not include steps to validate or sanitize the content of the review files before processing.
- [COMMAND_EXECUTION]: The workflow requires the agent to execute "the repository’s real verification commands" before completing a task. This capability, while necessary for the skill's purpose, is triggered by logic derived from untrusted external review content.
Audit Metadata