plan-design-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands through the Bash tool to retrieve repository metadata and changes. Specifically, it executes git log, git diff, and gh pr view. These operations are used for legitimate context gathering and are limited to standard version control interactions.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from project files such as DESIGN.md, TODOS.md, and plan documents.
      • Ingestion points: Reads content from plan file, CLAUDE.md, AGENTS.md, DESIGN.md, and TODOS.md as specified in SKILL.md.
      • Boundary markers: Absent; there are no explicit delimiters or warnings instructing the agent to ignore embedded instructions in these files.
      • Capability inventory: The skill has access to Read, Edit, and Bash tools, allowing it to modify files or execute shell commands based on its analysis.
      • Sanitization: Absent; the skill does not perform validation or escaping of the content read from project files before processing it.
      • Note: This represents a standard surface for indirect prompt injection common in development tools; the risk is mitigated by the highly structured nature of the 10-pass review process.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 06:03 AM
Security Audit — agent-trust-hub — plan-design-review