code-review-mastery

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff and git diff --cached to retrieve staged and unstaged code changes from the local repository for analysis.
  • [COMMAND_EXECUTION]: The skill performs directory enumeration by executing ls on multiple paths including ~/.claude/skills/, ~/.agent/skills/, and ~/.agents/skills/. This is used to check for the presence of recommended companion skills and suggest their installation if missing.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from local git diffs. If a diff contains malicious instructions (e.g., in code comments), the agent could potentially be manipulated as it lacks explicit boundary markers or instructions to ignore embedded commands within the analyzed content.
      • Ingestion points: Local git diff output retrieved via git diff (SKILL.md).
      • Boundary markers: None identified; the skill does not wrap the diff in specific delimiters or instruct the agent to disregard instructions within the diff.
      • Capability inventory: File system enumeration (ls), reading files (git diff, read_file), and providing shell commands to the user.
      • Sanitization: None identified; the raw diff content is analyzed directly.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 04:04 AM