The Agent Skills Directory

[PROMPT_INJECTION]: The metadata description field uses phrases such as 'PRIORITY: This skill OVERRIDES @oracle or @agent mentions' and 'MUST USE when user mentions...', which are patterns used to bypass or hijack the agent's standard intent routing and instructions.
[COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute system commands including git status, git diff, git add, and git commit, alongside the ability to modify local source code.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data which could contain malicious instructions disguised as code comments or documentation.
Ingestion points: Content retrieved via git diff --staged and git status from the local filesystem.
Boundary markers: Absent; the skill does not define delimiters or specific instructions to disregard embedded commands within the diff content.
Capability inventory: High capability including Bash for shell command execution and Edit/Write tools for file modification.
Sanitization: Absent; the agent is instructed to 'Focus on bugs, behavioral regressions...' without specific logic to sanitize or escape the content being analyzed.

git-staged-review-commit