The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes standard development commands including git merge-base, git diff, dotnet test, and dotnet reportgenerator. These operations are limited to the specific tasks of identifying code changes and running tests with coverage collection.
[DATA_EXPOSURE]: The skill accesses the TestResults directory to read and display coverage summaries. This behavior is localized to the project workspace and is consistent with the skill's stated purpose of reporting coverage data.
[INDIRECT_PROMPT_INJECTION]: The skill has an indirect injection surface as it processes untrusted data from the local environment (git branch names and file paths) and interpolates them into bash commands. While it lacks explicit sanitization for shell metacharacters, the risk is mitigated by the restricted set of allowed tools and the fact that it operates within the user's own development environment.
Ingestion points: Branch names from git merge-base, file paths from git diff, and user-provided project names.
Boundary markers: None present.
Capability inventory: Subprocess execution via Bash for git, dotnet, rm, and platform-specific 'open' commands.
Sanitization: No explicit escaping or validation is performed on the variables before command interpolation.

coverage-report