project-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill README recommends installation from an external GitHub repository (https://github.com/jezweb/claude-skills) and suggests downloading tools like gitleaks from their respective release pages. These sources do not match the provided author name (evolv3ai) and are not on the explicit trusted vendors list.
- [COMMAND_EXECUTION]: The skill performs extensive automation using system CLI tools. Key actions include git repository management (init, add, commit, push, tag), GitHub CLI operations (gh auth, gh repo create, gh release create, gh pr create), and project-specific tasks like npm audit and build testing.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface as it processes untrusted data from web searches and project files, which is then used to construct planning documents and shell commands.
  * Ingestion points: WebSearch results used in explore-idea.md; local project files such as package.json and SESSION.md used in release and session-management commands.
  * Boundary markers: Missing markers to delimit external content when it is interpolated into git commit messages, brief documents, or shell command arguments.
  * Capability inventory: Significant capabilities including full file system modification (Read, Write, Edit), shell command execution (Bash), and network-facing git/GitHub operations.
  * Sanitization: No explicit sanitization or validation logic is defined for external strings before they are processed by the agent's tools.
Audit Metadata