ce-product-pulse

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the !command syntax in SKILL.md to execute shell commands like git rev-parse and cat during initialization. This is used for locating the repository root and loading local configuration files. These operations are benign and typical for developer-focused tooling.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes data from the STRATEGY.md file and uses it to populate pulse reports without implementing strong boundary isolation.
      • Ingestion points: Data is pulled from STRATEGY.md (metrics and product name) and .compound-engineering/config.local.yaml (pulse settings).
      • Boundary markers: The report assembly process in references/report-template.md lacks explicit boundary markers or 'ignore' instructions for the interpolated data placeholders.
      • Capability inventory: The skill is authorized to use the Bash, Write, Read, Glob, and Grep tools.
      • Sanitization: Although the skill includes logic to prevent the inclusion of PII in reports, it does not include sanitization to strip or escape potential prompt injection payloads within the ingested strategy data.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 3, 2026, 05:44 PM