review-llm-artifacts

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and reviews untrusted code from the repository.
      • Ingestion points: Code file names and contents gathered via git diff and find as described in Step 1.
      • Boundary markers: No explicit delimiters or boundary instructions are defined to prevent the agent from following instructions potentially embedded within the code being analyzed.
      • Capability inventory: The skill utilizes shell commands (git, find, mkdir, python3, jq), spawns parallel subagents via the Task tool, and writes analysis results to the local filesystem.
      • Sanitization: No sanitization or validation of the ingested code content is performed before it is processed by subagents.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 03:32 AM