investigate

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
[PROMPT_INJECTION] [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Untrusted data enters the agent context through user-provided arguments in Phase 1, codebase files read in Phase 3, and external search/GitHub results retrieved in Phase 5. The skill lacks explicit sanitization or boundary markers for this data. These inputs influence a diagnostic process with high-privilege capabilities including file modification in Phase 7 and shell command execution in Phase 2.
  • [COMMAND_EXECUTION]: The protocol requires the use of the Bash tool for multiple operational tasks: executing git forensics (Phase 1, 3), running existing project test suites (Phase 2), and performing manual bug reproduction steps (Phase 2). There is a risk that malicious instructions embedded in the data being analyzed could influence the commands constructed or executed during these phases.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the WebSearch tool and GitHub MCP server (Phase 5) to retrieve information from external sources. While these are well-known and generally trusted services, they facilitate the introduction of remote content into the agent's reasoning loop without structural validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:36 AM