skills/getsentry/warden/warden-sweep/Gen Agent Trust Hub

warden-sweep

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing system commands to perform its core functions. scripts/scan.py runs the warden tool and git for repository analysis. scripts/create_issue.py, scripts/index_prs.py, and scripts/organize.py use the gh CLI tool to interact with GitHub for creating issues, listing pull requests, and managing labels. SKILL.md also orchestrates repository modifications using git worktree and git push during the patching phase.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with GitHub's official services using the gh CLI to fetch pull request metadata and diffs. These operations target a well-known service and are documented as standard behavior for the skill's purpose.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) because it ingests untrusted code from the repository being scanned and incorporates finding data into instructions for subsequent subagent tasks.
    • Ingestion points: scripts/scan.py enumerates repository files, the warden tool reads their content, and scripts/index_prs.py fetches existing pull request data from GitHub.
    • Boundary markers: The subagent prompts defined in SKILL.md for Phase 2 (Verify) and Phase 4 (Patch) use structured Markdown headers (e.g., '## Finding', '## Instructions') to separate analysis data from agent instructions.
    • Capability inventory: The skill has significant capabilities, including the ability to run arbitrary system commands via subprocess.run (git, gh, warden) across multiple scripts, and the ability to modify repository code and create pull requests.
    • Sanitization: The skill does not appear to perform explicit sanitization or escaping of the content found in repository files or analysis findings before interpolating them into the templates used to prompt subagents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:43 PM