NYC

taste-check

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill has a significant Indirect Prompt Injection vulnerability surface. It is instructed to ingest untrusted data (source code, git diffs) via the Bash and Read tools. It lacks boundary markers to separate data from instructions and performs no sanitization. This allows attackers to embed malicious instructions in code comments that could manipulate the agent's behavior during the 'Linus Torvalds' review process.
  • [COMMAND_EXECUTION] (HIGH): The skill explicitly grants the agent shell access via the Bash tool to retrieve code ('git diff') and read files. Using a shell to process untrusted input (like user-provided paths or diff outputs) without strict validation is a dangerous pattern that can lead to arbitrary command execution or unauthorized file access.
  • [PROMPT_INJECTION] (MEDIUM): The skill's core philosophy (#1 'Trust Upstream Data') explicitly instructs the agent to remove defensive code patterns. If the agent adopts this 'lack of defense' when handling its own inputs or executing shell commands, it intentionally bypasses security best practices, making it easier to exploit.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:06 AM