squad-review

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (the ! prefix) to execute local shell commands such as git, find, and gh to gather repository metadata at skill load time. These operations are limited to gathering development context (branch name, diff stats, PR metadata) and are consistent with the skill's purpose.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
    • Ingestion points: Untrusted data from git diff, git log, and gh pr view enter the agent context via SKILL.md.
    • Boundary markers: No explicit boundary markers or 'ignore' instructions are used for the interpolated data.
    • Capability inventory: Subagents are configured as general-purpose with full tool access to read files and grep the repository as defined in the 'Dispatch Protocol'.
    • Sanitization: No sanitization or escaping is performed on the external content before it is prepended to reviewer prompts.
    This could allow malicious instructions in code comments or PR descriptions to influence subagent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 07:59 AM