visual-explainer

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several shell commands to extract data from the local environment and manage files:
      • Git Operations: Executes git diff, git show, git log, git shortlog, git branch, and git status to analyze code changes and project history across multiple prompts (e.g., diff-review.md, project-recap.md).
      • GitHub CLI: Uses gh pr diff to fetch Pull Request data.
      • System Utilities: Employs standard tools like base64, rm, wc, grep, which, test, open, and xdg-open for processing images, counting lines, and opening generated reports in the browser.
  • [EXTERNAL_DOWNLOADS]: The generated HTML templates reference external libraries and fonts from well-known services:
      • Frontend Libraries: Fetches mermaid.js, chart.js, and anime.js via the cdn.jsdelivr.net content delivery network. These are standard libraries for rendering diagrams and charts.
      • Typography: Loads font families from fonts.googleapis.com to style the generated reports.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data (source code, commit messages, and git diffs) and interpolates it into HTML templates.
      • Ingestion points: Reads file content, git logs, and plan documents (prompts/diff-review.md, prompts/fact-check.md).
      • Boundary markers: Output is structured via HTML/CSS templates provided in the skill.
      • Capability inventory: Possesses shell execution capabilities (git, gh, open) and file modification capabilities (fact-check.md performs in-place edits).
      • Sanitization: No specific sanitization logic is detailed, but the generated content is rendered in a local browser context, limiting the immediate risk of remote execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 02:26 PM