ln-402-task-reviewer
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Step 8 of the workflow discovers and runs linting and type-checking commands defined by the project environment (e.g., scripts in package.json), so malicious code can execute if the project being reviewed has been tampered with. Furthermore, Steps 7 and 9 use high-privilege commands like 'git add -A' to stage and commit all changes in the branch, potentially including unauthorized modifications or backdoors introduced during the session.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of processing external data.
  - Ingestion points: Task titles, descriptions, story content, and source code diffs retrieved from Linear or the file system.
  - Boundary markers: The instructions lack explicit delimitation or instructions for the agent to ignore directives embedded within the data being reviewed.
  - Capability inventory: The skill possesses powerful capabilities including arbitrary shell execution (Step 8), file creation (Step 6), and repository-wide commits (Step 7/9).
  - Sanitization: No filtering or sanitization process is defined to neutralize potential malicious instructions within the ingested content.