pre-publish-review

Pass

Audited by Gen Agent Trust Hub on Jun 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands to retrieve versioning information, commit logs, and code diffs necessary for the review process.
  • Evidence: Found in SKILL.md (Phase 0) executing npm view oh-my-opencode version, node -p "require('./package.json').version", git log, and git diff.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted repository data and file contents directly into agent prompts without sanitization.
  • Ingestion points: SKILL.md (Phase 2) interpolates variable data including {GROUP_COMMITS}, {GROUP_DIFF}, {FILE_CONTENTS}, and {FULL_DIFF} into prompts for multiple agents.
  • Boundary markers: The skill uses XML-style tags (e.g., <diff>, <file_contents>) to structure the data, which provides a logical separation but does not prevent instruction-override attacks embedded within the data.
  • Capability inventory: The skill has the capability to execute shell commands and load the review-work skill, which orchestrates further agents.
  • Sanitization: There is no evidence of sanitization or specific instructions for the agents to ignore potential commands embedded within the diffs or commit messages.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 4, 2026, 11:45 AM
Security Audit — agent-trust-hub — pre-publish-review