watzup
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from git commits and modified files which could contain malicious instructions designed to manipulate agent behavior.
  1. Ingestion points: git diff output and contents of modified repository files.
  2. Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard embedded commands in the reviewed files.
  3. Capability inventory: Uses TaskCreate for workflow management, AskUserQuestion for user interaction, and performs file write operations to the plans/reports/ directory (SKILL.md).
  4. Sanitization: No sanitization, escaping, or validation logic is applied to the ingested content.
- [COMMAND_EXECUTION]: Executes read-only git commands to analyze repository status. Evidence: git diff --name-only in SKILL.md.
Audit Metadata