The Agent Skills Directory

Indirect Prompt Injection (MEDIUM): The skill is designed to process untrusted external data (git diffs) which serves as an injection vector. • Ingestion points: Git staged/unstaged diffs and branch comparisons as specified in SKILL.md. • Boundary markers: Absent; the skill does not define delimiters or provide 'ignore embedded instructions' warnings for the code being reviewed. • Capability inventory: Reading local repository state and file contents via git tools; influencing downstream subagent logic. • Sanitization: Absent; there is no logic to filter or escape instructions found within code comments or strings.

code-review