gstack-openclaw-skills
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill suite performs automated local command execution as part of its core functionality. Specialized components like `ship/SKILL.md` and `qa/SKILL.md` execute git commands (e.g., `git merge`, `git push`) and test runners (e.g., `pytest`, `npm test`) to automate the software development lifecycle. These actions are consistent with the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to ingest and process untrusted data from the local repository, such as source code and git diffs, in the `review/SKILL.md` and `qa/SKILL.md` tools.
  - Ingestion points: Source code files and git diffs (e.g., `git diff origin/main...HEAD`) are read into the agent's context for analysis.
  - Boundary markers: The instructions do not define explicit boundary markers to separate the ingested code from the agent's system instructions.
  - Capability inventory: The skill has the capability to execute shell commands, write files to the local system via `state_manager.py`, and create Pull Requests on remote repositories.
  - Sanitization: There is no evidence of sanitization or filtering of the ingested source code content before it is processed by the LLM.
Audit Metadata