The Agent Skills Directory

[SAFE]: No malicious patterns such as prompt injection, unauthorized data access, or remote code execution were found. The skill includes a robust verification checklist to ensure findings are contextually accurate and reduces the risk of false positives.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to analyze untrusted code and project plans from the workspace. * Ingestion points: Workspace files accessed via Read, Grep, and Glob tools. * Boundary markers: None are explicitly defined to isolate analyzed content. * Capability inventory: Writing to files via TodoWrite and spawning sub-agent tasks via the Task tool. * Sanitization: Findings derived from untrusted content are interpolated into reporting templates and sub-agent prompts without explicit sanitization. This surface is considered acceptable as it is a fundamental requirement for the skill's code review and risk assessment functionality.

premortem