memo-review

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Analysis of the skill instructions and metadata revealed no evidence of obfuscation, hardcoded credentials, malicious persistence, or unauthorized data exfiltration.
  • [COMMAND_EXECUTION]: The skill executes standard git commands, including git diff and git log, to extract information about code changes and commit history for the review process.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of git diffs, commit messages, and external specification files, which creates a surface for indirect prompt injection.
    • Ingestion points: Data retrieved via git diff, git log, and file reads from docs/ or specs/ are ingested and passed to sub-agents.
    • Boundary markers: The instructions do not define explicit delimiters or boundary markers to prevent the model from following instructions embedded within the code diffs or commit messages.
    • Capability inventory: The skill is capable of executing shell commands (git) and spawning additional general-purpose sub-agents via the Agent tool.
    • Sanitization: No sanitization or filtering of the retrieved git data or spec content is performed before interpolation into the sub-agent prompts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 06:55 PM