skill-prevention-layer

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts (tools/get-diff.sh, tools/analyze-risks.sh, tools/severity-gate.sh) to automate the extraction and analysis of Git diffs. These tools are provided within the skill package and perform legitimate security auditing functions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from Git diffs for analysis. Malicious instructions could be embedded in code comments to attempt to influence the agent's semantic review step. Evidence: the ingestion point is the git diff extraction in tools/get-diff.sh; boundary markers are absent; capabilities include shell command execution and file access; sanitization is limited to YAML character escaping in tools/get-diff.sh. Severity is low, as this is a known risk for any tool processing external code content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 08:48 AM