The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local git commands (diff, status, branch) to gather metadata about the repository's current state. This is legitimate behavior required for the skill to provide workflow recommendations.
[PROMPT_INJECTION]: The skill analyzes external data including git diffs and markdown documentation, which presents a surface for indirect prompt injection. The skill mitigates this through safety constraints in its 'Dispatch Mode,' requiring a high confidence score (0.8+) and sanitizing command arguments to only allow file paths and specific CLI flags, preventing the injection of arbitrary strings into commands.
Ingestion points: Git command output and documentation files in the docs/features/ directory processed by scripts/analyze.js.
Boundary markers: None identified.
Capability inventory: Local execution of git commands and the ability to trigger secondary agent slash-commands via the Skill tool.
Sanitization: The buildNextActions function in scripts/analyze.js implements a filter that only permits arguments containing file extensions, paths, or starting with dashes (flags).

next-step