coding-router

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates defensive measures against both direct and indirect prompt injection. A restricted system prompt (references/templates/plan-system-prompt.txt) enforces read-only behavior during the planning phase. While the skill ingests untrusted data from repository files (Ingestion points: rg, cat, and git commands in scripts/code-plan and skills/coding-agent/SKILL.md), the risk is mitigated by structured prompt headers (Boundary markers: TASK CONTEXT, PLAN CONTENT), a mandatory human-in-the-loop approval gate (Sanitization: APPROVE command requirement), and a capability inventory limited to approved implementation tasks.
  • [COMMAND_EXECUTION]: The skill automates coding workflows by orchestrating CLI tools such as codex, claude, and gh. All command execution is controlled via robust wrapper scripts (scripts/safe-impl.sh, scripts/safe-review.sh) that enforce timeouts, block forbidden bypass flags like --max-turns, and verify git branch status before modifications occur.
  • [EXTERNAL_DOWNLOADS]: Preflight and setup documentation (scripts/doctor, README.md) refer to official and trusted package registries for dependencies such as the OpenAI and Anthropic CLIs (@openai/codex and @anthropic-ai/claude-code).
  • [SAFE]: The skill demonstrates security best practices by separating planning from execution. No evidence of malicious obfuscation, hardcoded credentials, unauthorized persistence, or deceptive metadata was identified. Internal tools like 'lobster' and 'acpx' are integral components of the vendor's ecosystem.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 10:14 PM