tdl
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/trace_requirement.py performs local searches in the git commit history using subprocess.run. The implementation passes arguments as a list to the git binary without invoking a shell, which is a secure method that mitigates command injection risks.
- [PROMPT_INJECTION]: The skill's analysis scripts, such as scripts/trace_status.py, ingest and parse content from project-local markdown documents. While this introduces a potential surface for indirect prompt injection if the documents contain adversarial instructions, it is a core functional requirement of the traceability analysis and is managed as a low-risk behavior.
- [DATA_EXPOSURE]: The skill includes security-best-practice documentation in references/logging-patterns.md, providing explicit guidance and code examples for masking sensitive data (e.g., passwords and tokens) before logging, which reflects a security-conscious design.
Audit Metadata