post-implementation-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from multiple sources to perform its review.
      • Ingestion points: Project design documents (docs/design/*.md), GitHub issue titles/labels/descriptions via gh issue list, and the project's source code files.
      • Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the processed files.
      • Capability inventory: The skill can execute shell commands via the GitHub CLI (gh), run test runners (bun test, pytest), and perform file system writes to update documentation or fix code inconsistencies.
      • Sanitization: Absent. The skill does not explicitly sanitize content retrieved from GitHub or local files before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill executes several shell commands as part of its standard workflow.
      • Uses gh issue list and gh issue create to interact with GitHub repositories.
      • Runs bun test and pytest to verify implementation quality.
      • These are legitimate uses consistent with the skill's purpose, but they represent a vector if inputs to these commands are influenced by malicious data in the repository.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 02:53 AM