pr-manual-testing

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff main...HEAD to retrieve code changes for analysis, which is a standard operation required for its functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from source code diffs. An attacker could embed instructions in code comments to influence the agent's generated testing steps.
      • Ingestion points: Untrusted code changes ingested via git diff as described in SKILL.md.
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the input.
      • Capability inventory: Limited to text generation; the skill does not have file-writing or network capabilities.
      • Sanitization: No sanitization or validation of the input diff is performed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 12:30 PM