Tracing Knowledge Lineages

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (LOW): The skill's primary function is to ingest and interpret external, potentially untrusted data such as Git logs, PR discussions, and project documentation. This creates a surface for indirect prompt injection where an attacker could influence the agent by placing instructions in commit messages or historical documents.
    • Ingestion points: Git history, decision records (ADRs), and PR history.
    • Boundary markers: Absent; the skill does not suggest delimiters or warnings to ignore instructions within analyzed data.
    • Capability inventory: The skill utilizes file system reading and Git log searches to inform agent reasoning and documentation output.
    • Sanitization: No sanitization or validation of the historical text is defined.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 09:10 AM