The Agent Skills Directory

[PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection because the agent is tasked with systematically reading untrusted content from the repository. 1. Ingestion points: Step 2 of SKILL.md requires reading README, architecture documentation, and source modules. 2. Boundary markers: Absent; there are no specific instructions to ignore embedded prompts within the analyzed files. 3. Capability inventory: File system read and write access (via the execplan-create skill) and general repository analysis capabilities. 4. Sanitization: Absent; repository content is modeled without filtering or sanitization.
[COMMAND_EXECUTION]: The skill workflow involves using git history to identify change frequency. This implies the standard execution of git subcommands for repository analysis, which is a safe and expected operation for this use case.

find-best-refactor