sapcc-review

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted repository data and possesses high-privilege capabilities that can be triggered by that data.
      • Ingestion points: The skill maps and reads all Go files in the repository using Glob, Read, and Grep in Phase 1 and Phase 2 (via specialist agents).
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded malicious instructions within the files being processed.
      • Capability inventory: The skill has the Bash tool and uses it to execute shell commands. In Phase 4, it executes "make check" and "go test", which are scripts defined by the repository under review.
      • Sanitization: No sanitization or validation of the repository's build/test scripts is performed before execution.
  • [COMMAND_EXECUTION]: The skill's automated 'Fix' phase (triggered by the optional --fix flag) executes arbitrary project-defined scripts. Specifically, the instruction "make check 2>/dev/null || go test ./..." in SKILL.md runs commands defined in the repository's Makefile or test suite. While this is necessary for verifying fixes, it represents a command execution risk if the repository being reviewed is untrusted or contains malicious build/test definitions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 05:55 AM