git-project-status

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill automatically detects and executes the project's local test suites (e.g., npm test, npx vitest, pytest, cargo test, go test). This creates a significant risk of arbitrary code execution if the repository being analyzed contains malicious test scripts.
  • [DATA_EXFILTRATION]: The 'Secrets Exposure Check' utilizes git grep to identify patterns matching PRIVATE_KEY, API_KEY, PASSWORD, and TOKEN. These findings, including the matching lines, are incorporated into the report, effectively exposing sensitive credentials to the AI's context and conversation history.
  • [COMMAND_EXECUTION]: The skill executes a wide array of shell commands to gather metadata, including dependency managers (npm outdated, pip list, cargo outdated), type checkers (npx tsc, mypy, go vet), and the GitHub CLI (gh).
  • [PROMPT_INJECTION]: The skill ingests untrusted content from git commit messages, pull request titles, and README files. There is a risk of indirect prompt injection where malicious instructions embedded in these fields could influence the 'Summary' or 'Recommended Next Steps' generated by the agent.
  • [COMMAND_EXECUTION]: The skill contains hardcoded directory path logic (/Users/espen/Dev/<project-name>). While intended for convenience, this exposes the user's local directory structure and could be used to facilitate targeted file access.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 03:32 PM