The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes untrusted data (git diffs) which may contain malicious instructions embedded in code comments or documentation intended to manipulate the agent's output.
Ingestion points: Git diff output and branch statistics (SKILL.md).
Boundary markers: Absent; there are no specific instructions to treat the diff content as data only.
Capability inventory: Local git command execution.
Sanitization: Absent; the skill directly reviews diffs to draft a response.
Command Execution (SAFE): The workflow involves standard git operations which are necessary for the skill's stated purpose.
Evidence: git merge-base and git diff --stat (SKILL.md).

pr-summary