The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs shell commands (git and gh) using variables derived from user-provided arguments, such as TIME_WINDOW and PATH_SCOPE. There is a risk of command injection if the executing agent does not strictly validate or sanitize these inputs before shell execution.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes external, potentially attacker-controlled data from the repository. Ingestion points: Git commit history (git log) and GitHub Pull Request metadata (gh pr list). Boundary markers: Absent; the instructions do not provide delimiters or warnings for the agent to ignore instructions embedded in the analyzed content. Capability inventory: Shell command execution (git, gh) and file system write access (creating snapshots and modifying .gitignore). Sanitization: Absent; there is no specified logic to sanitize or escape commit messages or PR titles before processing.

engineering-retro