interop-router

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is architected to aggregate local file content and git diffs into a unified context file for submission to external AI providers (OpenAI and Google).
      • Evidence: scripts/wrap_context.py collects data from the project directory to prepare prompts for external CLIs.
      • Mitigation: The implementation includes a SECRET_PATTERNS list for redaction and a SKIP_FILES list to prevent the inclusion of sensitive configuration files.
  • [COMMAND_EXECUTION]: The skill uses local shell and system commands to perform project analysis and environment checks.
      • Evidence: scripts/check_cli_available.sh executes codex and gemini commands to verify installation and authentication status.
      • Evidence: scripts/wrap_context.py uses subprocess.run to execute git diff commands.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing untrusted data from the local filesystem.
      • Ingestion Points: scripts/wrap_context.py reads arbitrary files within the project scope as directed by the task.
      • Boundary Markers: Uses markdown headers and code blocks; however, the generated context contains no explicit instructions telling the external AI to ignore instructions embedded within the files.
      • Capability Inventory: The skill facilitates code reading and preparation for external model execution, which could be influenced by malicious content in project files.
      • Sanitization: While the skill redacts technical secrets, it does not sanitize or filter natural language instructions contained within the gathered source code or documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 01:14 PM