The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted input from $ARGUMENTS and existing project files (such as CLAUDE.md and documentation in docs/) to generate design documents. This represents a surface for indirect prompt injection where malicious instructions embedded in those sources could influence the agent's behavior or output. Ingestion points: $ARGUMENTS variable and local files in the docs/ directory and CLAUDE.md. Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill's instructions. Capability inventory: The skill has the capability to write new markdown files to the docs/tasks/ directory and commit them via git. Sanitization: No explicit sanitization or validation of the ingested content is defined.
[COMMAND_EXECUTION]: The skill instructions involve executing a shell command ('date') to generate timestamps for filenames. This is a standard and restricted use of system utilities that does not incorporate unsanitized user input into the command string itself.

plan