gap-surfacer

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection Surface: The skill processes data from external regulatory sources and policy diffs, which represents a potential surface for indirect instructions.
      * Ingestion points: Data enters the agent's context through updates to gap-tracker.yaml and comment-tracker.yaml from upstream analysis tools.
      * Boundary markers: The instructions explicitly label citations as unverified and mandate a per-send confirmation step for all notifications.
      * Capability inventory: The skill is capable of sending messages via Slack and writing to local tracking files.
      * Sanitization: Security is maintained by requiring the user to explicitly approve a preview of every Slack message and by providing contextual warnings regarding AI-generated citations.
  • External Communications Management: The skill utilizes Slack for notifications but implements a rigorous human-review gate. It requires the agent to present the user with the exact message content and recipient count before any data is transmitted, preventing automated or unintended outreach.
  • Plugin Data Access: The skill reads and writes tracking information within its designated local configuration directory (~/.claude/plugins/config/). This localized file management is consistent with its intended purpose as a persistent policy tracking system.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 12:40 AM