The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes bash, git, and gh (GitHub CLI) to manage project state. It executes commands to monitor working directory status, retrieve repository remote URLs, and perform operations such as git push when the ASAP mode is triggered.
[DATA_EXFILTRATION]: Actionable items and session summaries are transmitted to the external GitHub service via the gh issue create command. While this is intended for task synchronization with the project's repository, it involves the transfer of session-derived context to a remote server.
[PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it reads and processes external data that could be influenced by third-party content.
Ingestion points: Aggregates content from CLAUDE.md, Git status outputs, and existing repository issues or Pull Requests to generate handoff documentation.
Boundary markers: The instructions lack explicit delimiters or specific markers to isolate the data being read from the agent's execution logic, increasing the risk of the agent following instructions embedded in the project files.
Capability inventory: The skill has the permission to perform file system writes (handoff and outbox files), execute git commit and push operations, and create new issues on GitHub.
Sanitization: There is no evidence of rigorous validation or sanitization of the data ingested from the local environment before it is formatted into handoff text or used as issue titles.

forward