improve-codebase-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the codebase.
      • Ingestion points: Reads files and navigates the codebase using the Explore subagent tool as described in SKILL.md.
      • Boundary markers: The skill lacks explicit instructions or delimiters to isolate content extracted from the codebase when passing it to sub-agents or generating RFCs.
      • Capability inventory: The skill uses gh issue create and createJiraIssue to write data externally, and spawns multiple sub-agents for parallel processing.
      • Sanitization: No validation or sanitization of the codebase content is performed before it is incorporated into the generated issue descriptions.
  • [PROMPT_INJECTION]: The skill instructs the agent to bypass human oversight for external write operations.
      • Evidence: SKILL.md explicitly states, 'Do NOT ask the user to review before creating — just create it and share the URL.' This instruction encourages autonomous execution, which can lead to the accidental posting of sensitive information or malicious content derived from a poisoned codebase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 10:34 PM