improve-codebase-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes data from the local codebase, which may contain untrusted content. Maliciously crafted documentation or comments could attempt to influence the agent's recommendations or the content of the generated GitHub issues.
      • Ingestion points: Codebase files and project documentation (such as CONTEXT.md and docs/adr/) accessed during the 'Explore' phase in SKILL.md.
      • Boundary markers: Absent; there are no specific delimiters or instructions defined to isolate untrusted codebase content from the agent's core logic.
      • Capability inventory: The skill has the ability to read the entire codebase and write to external repositories using the gh issue create command.
      • Sanitization: Absent; the skill does not specify any sanitization or validation of the code snippets or documentation it extracts before including them in issue bodies.
  • [COMMAND_EXECUTION]: The skill uses the gh (GitHub CLI) and git commands to interact with the user's repository. These operations are essential for the skill's stated purpose of shipping refactoring tasks to GitHub issues and include a mandatory confirmation step requiring the user to review the title, labels, and body before execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 07:04 AM