The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes shell commands such as git status, git diff, git log, gh pr view, and gh pr diff to determine the development context. These commands are limited to read-only repository inspection and are standard practices for development-oriented agents.
[PROMPT_INJECTION]: The skill reads external data including code diffs, commit messages, and PR metadata into the agent's context, which constitutes a surface for indirect prompt injection.
Ingestion points: Commit messages, branch names, and code diffs are ingested via shell commands in SKILL.md.
Boundary markers: There are no explicit delimiters or warnings to ignore embedded instructions within the ingested git data.
Capability inventory: The skill executes read-only git/gh commands for inspection but does not have file-write or unauthorized network access capabilities.
Sanitization: Output from git and GitHub CLI is not sanitized or escaped before being presented to the agent. Given the specific development use case and the read-only nature of the operations, this surface is identified as part of the intended functionality and does not represent a significant security risk.

sensei-assess