skills/lvlup-sw/exarchos/spec-review/Gen Agent Trust Hub

spec-review

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including 'npm run test:run', 'npm run test:coverage', 'npm run typecheck', and 'git diff'. These commands are used for their intended purpose of verifying implementation completeness and test coverage within the development environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes untrusted external data in the form of code diffs and task artifacts.
      • Ingestion points: The skill reads integrated diffs ('git diff main...integration') and artifact files specified in the state file (documented in SKILL.md and references/worked-example.md).
      • Boundary markers: There are no explicit boundary markers or instructions defined to isolate external data from the agent's core instructions.
      • Capability inventory: The skill possesses significant capabilities including the execution of shell commands ('npm', 'git') and interaction with the orchestrator via 'exarchos_orchestrate' and 'exarchos_workflow' actions (documented in SKILL.md and references/review-checklist.md).
      • Sanitization: The skill does not mention explicit sanitization, validation, or filtering of the content within the code diffs before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 04:36 AM