The Agent Skills Directory

PROMPT_INJECTION (LOW): Potential for Indirect Prompt Injection as the skill processes untrusted code content. * Ingestion points: Phase 1 retrieves code content using git diff and file reads from the local branch. * Boundary markers: Absent; the skill lacks explicit delimiters to differentiate source code from instructions for the agent. * Capability inventory: Limited to reasoning and read-only CLI calls (git, gh); the skill itself does not define file-write or network capabilities. * Sanitization: Absent; malicious code comments could be used to manipulate the agent's findings or review process.
COMMAND_EXECUTION (LOW): The skill executes local system commands (git, gh) to fetch repository state and diffs. These are standard operations for the stated purpose and are used with static or locally-derived arguments.

find-bugs