sidecar-task-runner

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/prepare_sidecar_task.py uses subprocess.run to execute standard git commands (rev-parse, status, branch) for environment discovery and manifest generation. These calls pass argument lists rather than shell strings, so no shell ever interprets the arguments, which prevents shell injection.
  • [DATA_EXPOSURE]: The skill is designed to read repository files and Git metadata to construct prompts for secondary AI sessions. These artifacts are stored locally in the .agent/sidecars/ directory. No external network exfiltration or unauthorized credential access was detected in the provided code.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines an architecture for processing untrusted repository data (diffs, files) through 'sidecar' models. It mitigates potential indirect injection risks by providing specific safety templates (templates/personalization-scanner.md, templates/precommit-classifier.md) that include explicit 'non-goal' instructions for the sidecar, and by requiring the primary agent to verify all sidecar outputs before integration.
Audit Metadata
Analyzed: May 7, 2026, 11:43 AM