The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands to collect information for report generation. Evidence: It invokes git diff --name-status to identify modified and created files. Evidence: It uses a custom CLI tool buildgit status --gitlog to capture commit history and build metadata.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by automatically following instructions found within the repository it is reviewing. 1. Ingestion points: The skill is instructed to read CLAUDE.md, specs/CLAUDE.md, and *-spec.md files (specifically #### Implementation Log sections) for "project-specific customizations" and "summary instructions". 2. Boundary markers: No delimiters or instructions to ignore nested prompts are implemented when processing these external file contents. 3. Capability inventory: The agent has access to shell execution (git, buildgit) and file system writes (specs/done-reports/). 4. Sanitization: The skill instructions command the agent to 'Apply any customizations found' and states that 'Customizations from the project CLAUDE.md take precedence', allowing potentially malicious instructions in repository files to bypass default safety constraints or alter agent behavior.

workreview