git-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection leading to command execution due to unsafe variable interpolation in shell command templates.
      • Ingestion points: Variables {feature-name}, {pr-number}, {name}, and {feature} are sourced from the agent's task context, which may include untrusted user input.
      • Boundary markers: None present. The variables are placed directly into shell command strings without delimiters or escaping.
      • Capability inventory: The skill performs subprocess execution of the git binary and several local shell scripts.
      • Sanitization: No evidence of sanitization or validation of the input variables before they are passed to the shell.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes multiple external scripts located in the ./scripts/ directory.
      • Evidence: Calls to ./scripts/worktree-feature.sh, ./scripts/worktree-review.sh, ./scripts/worktree-cleanup.sh, and ./scripts/log-skill.sh.
      • Risks: While these are local references, their absence from the analyzed skill content makes their behavior unverifiable and potentially dangerous if they perform higher-privileged operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:31 PM