The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill ingests untrusted data from repository files and git commit history that could contain malicious instructions designed to influence the agent's summary or subsequent actions. 1. Ingestion points: AGENTS.md, README.md, package.json, git log output, and memory synthesis results via totalrecall. 2. Boundary markers: Absent; untrusted data is processed directly without explicit delimiters or warnings to ignore embedded instructions. 3. Capability inventory: File system read access, git history execution, ticketing tool (tk) execution, and worker delegation via the teams tool. 4. Sanitization: Absent; the agent is instructed to read and summarize the content as raw text.
[Command Execution] (SAFE): The skill uses local commands git log and tk list to gather project state. These operations are consistent with the skill's stated purpose and do not involve shell piping or external downloads.
[Data Exposure] (SAFE): The agent reads standard project configuration and documentation files. No sensitive system paths or credentials are accessed, and no external exfiltration was observed.

ctx