The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it incorporates data from untrusted external sources (git history, branch names, and the bd issue tracker) into the agent's context without sanitization.\n
Ingestion points: The skill reads git metadata via git pull/fetch and issue details using the bd CLI tool as described in SKILL.md.\n
Boundary markers: Absent; there are no instructions provided to the agent to delimit or ignore instructions that may be embedded in commit messages or issue descriptions.\n
Capability inventory: The skill allows the use of Bash, Write, and Edit tools, granting the agent the ability to execute code and modify the file system based on potentially malicious input.\n
Sanitization: Absent; the skill does not specify any validation or filtering for content retrieved from external sources.\n- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute git operations and a proprietary issue-management CLI tool named bd.\n
Evidence: Multiple references to bd update, bd create, and bd close for managing tasks, as well as complex git commit commands.\n- [EXTERNAL_DOWNLOADS]: The skill performs network operations to synchronize code with remote repositories.\n
Evidence: Frequent use of git fetch origin, git pull origin main, and git push to manage remote state.

git-workflow