The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. (1) Ingestion points: Untrusted data is ingested from git diffs and untracked files in specialist-review.sh, and from module source files in test-review-request.sh. (2) Boundary markers: The prompt templates in references/review-prompt.md and references/audit-prompt.md use markdown sections and code blocks for interpolation but lack instructions to the LLM to ignore instructions embedded within the data. (3) Capability inventory: The skill utilizes secondary agents to produce reviews and audits which directly influence the subsequent actions of the implementer agent, including code remediation and repository commits via cortex. (4) Sanitization: The content of the files and diffs is not sanitized or escaped before interpolation.
[COMMAND_EXECUTION]: Automated Workflow Execution. The skill uses shell scripts to orchestrate loops, invoking system utilities (git, python3, wc, sed, mktemp) and external CLI tools (claude, gemini, codex, codanna, cortex). This execution is required for the skill's stated purpose of driving atomic commits and independent reviews.
[EXTERNAL_DOWNLOADS]: Environment Dependencies. The skill requires an external Python package, claude_ctx_py, and several CLI tools to be pre-installed in the environment. While no runtime downloads from URLs were detected, these dependencies are necessary for the review parsing and LLM communication logic.

agent-loops