pr-architect

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git commands such as git log and git diff using a secured execution wrapper (safeExec) to analyze the repository's history and state.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from the environment into the generated PR description without proper isolation.
  • [PROMPT_INJECTION]: Evidence of vulnerability surface:
      - Ingestion points: Commit messages from getRecentCommits, diff statistics from getDiffStat, and the contents of work/governance-report.json in src/lib.ts.
      - Boundary markers: The skill does not use specific delimiters or instructions to prevent the agent from obeying instructions that might be embedded in commit messages or governance reports.
      - Capability inventory: The skill utilizes safeExec for command execution and safeReadFile for accessing the local filesystem.
      - Sanitization: No sanitization or validation is performed on the data retrieved from git or the JSON report before it is rendered into the PR body.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 10:56 PM