improve-codebase-architecture
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted codebase content to generate refactoring RFCs, creating a risk of indirect prompt injection where malicious instructions embedded in code comments could influence the architectural designs or the content of the generated GitHub issue.
  - (1) Ingestion points: Codebase files are explored via the Agent tool with subagent_type=Explore.
  - (2) Boundary markers: No explicit instructions are provided to ignore or delimit embedded instructions within the codebase files.
  - (3) Capability inventory: The skill uses the 'gh' CLI tool to create issues and spawns multiple sub-agents to process data.
  - (4) Sanitization: No sanitization or validation of the ingested code content is performed before interpolation into sub-agent prompts or the final GitHub issue template.
- [PROMPT_INJECTION]: The skill instructions explicitly bypass user oversight for network-bound actions. Step 7 specifies 'Do NOT ask the user to review before creating' when using the 'gh issue create' tool, which increases the risk that injected or malformed content is published to a repository without human verification.
Audit Metadata