blueprint-derive-tests

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_CONTEXT_INJECTION]: The skill uses dynamic execution syntax (!command) to gather project metadata at load time. The commands used, such as git rev-parse and find, are restricted to local repository inspection and align with the skill's functional requirements.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from git commit logs.
      * Ingestion points: Git commit messages are retrieved using git log in SKILL.md (Steps 4 and 5).
      * Boundary markers: The instructions do not define delimiters for commit message content.
      * Capability inventory: The skill performs file writes and manifest updates using Bash, jq, and the Write tool (Step 7).
      * Sanitization: No specific sanitization or validation of commit message text is implemented. However, the risk is localized to the agent's interpretation of the repo history.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform git operations, directory management, and manifest manipulation. These actions are standard for development workflow automation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 04:17 PM
Security Audit — agent-trust-hub — blueprint-derive-tests