self-improve

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh api command to fetch collaborator lists and roles from GitHub. This is used as a security measure to prioritize feedback from trusted sources like admins and maintainers.
  • [PROMPT_INJECTION]: The skill implements a self-improvement loop that processes untrusted session data and promotes it to persistent storage in files like CLAUDE.md and memory. This creates a surface for indirect prompt injection. Evidence Chain:
    1. Ingestion points: Session conversation and PR feedback in Step 2.
    2. Boundary markers: Uses a presentation plan in Step 5 and requires user approval via AskUserQuestion before execution.
    3. Capability inventory: Filesystem access for reading/writing project config and memory, plus skill creation capabilities.
    4. Sanitization: Lacks explicit sanitization of extracted strings, relying on user review for safety.
  • [DATA_EXFILTRATION]: The skill reads project-specific memory and configuration files located in the .claude/ directory and user home directory to establish context. While it identifies sensitive data, no evidence of exfiltration to unauthorized domains was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 05:57 AM