The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is instructed to use the GitHub CLI (gh) to create issues autonomously for every architectural opportunity found. It explicitly directs the agent not to wait for user confirmation ('Do not wait for the user to pick', 'Do not confirm with the user'). This high level of autonomy could lead to unintended issue creation or the exposure of sensitive codebase details if the agent is misled by malformed code or embedded instructions.
[PROMPT_INJECTION]: The skill reads and processes the entire codebase, including domain-specific documentation like CONTEXT.md and Architecture Decision Records (ADRs). This introduces a surface for indirect prompt injection where malicious instructions within the repository could influence the agent's behavior during analysis or issue generation.
Ingestion points: Reads codebase files and documentation via the Explore subagent.
Boundary markers: Does not define delimiters or instructions to ignore commands potentially embedded in the analyzed files.
Capability inventory: Performs file system reads and executes shell commands via the gh CLI.
Sanitization: There is no mention of sanitizing or validating codebase content before it is interpolated into the GitHub issue body templates.

ops-improve-codebase-architecture