code-review

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it is designed to process untrusted code from repository branches.
  • Ingestion points: Untrusted content is ingested through git diff commands and file reading operations performed by the subagent, as specified in SKILL.md.
  • Boundary markers: The skill provides no delimiters and no explicit instruction telling the subagent to ignore natural language commands embedded in the analyzed files.
  • Capability inventory: The subagent can perform tasks via the Task tool and read repository files; these capabilities could be misused if instructions embedded in the code are accidentally obeyed.
  • Sanitization: No sanitization or escaping of the ingested code content is performed prior to analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 10:56 PM