context-governor

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Command Execution] (LOW): The scripts/session_checkpoint.py utility invokes the system git binary using the subprocess module to gather state information. Arguments are hardcoded (e.g., rev-parse, diff, ls-files) and do not incorporate unvalidated external input, minimizing the risk of shell injection.
  • [Indirect Prompt Injection] (LOW): The memory_store.py script creates a potential vulnerability surface because it retrieves user-provided notes into the LLM prompt.
    • Ingestion points: scripts/memory_store.py accepts user input via the --note flag.
    • Boundary markers: Retrieved content is returned as bulleted lists without specific delimiters or 'ignore' warnings.
    • Capability inventory: The skill provides no direct execution capabilities for retrieved content; it is restricted to providing context.
    • Sanitization: Retrieval is strictly bounded by character length via the --max-chars flag (default 1200).
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 09:14 AM