The Agent Skills Directory

[COMMAND_EXECUTION]: The skill interacts with local command-line tools including Git for committing documentation changes and various monorepo managers (npm, pnpm, yarn, turborepo, lerna, nx) for package discovery and metadata retrieval. These operations are restricted to the local workspace and align with the skill's stated purpose.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of source code files (.ts, .tsx) and existing documentation. While it utilizes a multi-agent 'Review Council' to evaluate the quality and intent of the generated documentation, it lacks explicit technical boundary markers or sanitization steps to isolate potential instructions embedded within the source code comments from the agent's task context. This constitutes a standard attack surface for indirect prompt injection, though mitigated by the documentation-only scope and human-in-the-loop commit process.

fusion-package-scribe