megaplan
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates user-provided data directly into prompts used by subagents (build and deep). Ingestion points: the {idea} and {notes_short} variables in references/prompts.md are inserted into planning and critique prompts. Boundary markers: No clear delimiters or ignore-instructions warnings are wrapped around these inputs. Capability inventory: The agent possesses capabilities for file writes, git operations, and session persistence via the /never-stop command. Sanitization: There is no evidence of filtering or validation of user-supplied ideas before they are processed by the subagents.
- [COMMAND_EXECUTION]: The skill workflow involves executing shell commands to manage project state and verify changes. Evidence: references/prompts.md and SKILL.md refer to executing 'git log --oneline', 'git status', and atomic commits during the execution and review phases.
- [SAFE]: The skill implements strong defensive measures through an adversarial architecture. The evaluation logic in references/evaluation.md assigns the highest priority weight (3.0) to security concerns identified by critics, which specifically mitigates the risk of executing dangerous plans generated from malicious inputs.
Audit Metadata