improve-branch-architecture

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local shell commands to analyze the repository state and determine the change set for review.
      • It executes gh repo view to identify the default branch and git commands such as rev-parse, merge-base, and diff to calculate the branch scope.
      • These are legitimate uses of developer tools and follow standard patterns for repository analysis.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core functionality involves reading and interpreting untrusted data from the project's source code.
      • Ingestion points: The skill reads the full content of changed files in the branch, as well as unchanged 'seam-partner' files (callers and callees).
      • Boundary markers: The instructions do not define boundary markers (such as XML tags or specific delimiters) to separate source code data from agent instructions.
      • Capability inventory: The skill utilizes the Agent tool to spawn sub-agents for exploration and interface design. It also possesses the capability to write to the file system to update CONTEXT.md or create Architecture Decision Records (ADRs) in the docs/adr/ directory.
      • Sanitization: There is no evidence of sanitization or filtering applied to the ingested code content to prevent embedded instructions from influencing the agent's behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 05:21 PM