The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes git log and gh pr list commands to extract historical data and peer review feedback from the repository. This information is used to identify common errors and established conventions that are not documented elsewhere.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from the repository being analyzed.
Ingestion points: The discovery phase reads various files (e.g., README.md, ARCHITECTURE.md), git history, and pull request descriptions.
Boundary markers: The instructions do not implement explicit delimiters or safety warnings for the data ingested during the discovery phase.
Capability inventory: The agent can write to persistent instruction files (such as CLAUDE.md, .cursorrules, or .windsurfrules) and is instructed to spawn sub-agents for rule validation.
Sanitization: There is no mention of sanitizing or escaping the content extracted from the repository before it is used in the synthesis of new instructions. This represents a low-severity risk where malicious content within a repository could influence the rules generated for the agent.

agent-instruction-forge