workbench-repo-brand-uplift

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The workflow involves running local shell commands such as git status, git remote, and git diff to inspect the repository state. Additionally, step 6 of the workflow allows for executing repository-specific build or test commands to verify quickstart instructions. While this involves executing code from the repository being processed, it is a standard part of the skill's intended functionality to ensure documentation accuracy.
  • [DATA_EXPOSURE]: The skill includes explicit security 'Brand Gates' that instruct the agent to ensure no secrets, private IDs, or internal run IDs are included in public documentation, which is a positive security practice.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by reading existing README.md files and package metadata.
      • Ingestion points: Reads README.md, package metadata, and documentation files in SKILL.md (Workflow Step 2).
      • Boundary markers: None explicitly defined to separate untrusted file content from instructions.
      • Capability inventory: Can execute git commands and repository-specific build/test scripts (Workflow Steps 1 and 6).
      • Sanitization: Relies on a 'Public safety' check gate to prevent the propagation of sensitive material, though it does not explicitly sanitize for prompt injection markers.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 06:13 AM