dev-checkpoint
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts for project discovery, path validation, and git state management. These scripts are bundled with the skill and are called using absolute paths derived at runtime. The instructions include safety guidelines for path handling to prevent hallucination and ensure consistency.
- [SAFE]: Path validation is implemented in `scripts/validate.sh` to prevent directory traversal attacks by checking for `..` sequences and ensuring operations are scoped to the `.dev/` directory. Input normalization is also used to sanitize feature names before they are used in file paths.
- [SAFE]: Git operations and file persistence (writing the checkpoint) are protected by human-in-the-loop checkpoints. The agent must present findings and wait for a "yes" confirmation before proceeding to commit or save files.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted PRD files and session history. Ingestion points: PRD files in `.dev/$FEATURE_NAME/` and session logs. Boundary markers: The generated continuation prompt uses XML-like tags to delimit data. Capability inventory: The skill possesses file-write and git-commit capabilities. Sanitization: Basic name normalization is performed. The risk is minimized by the mandatory user review step (Step 6), where the user must verify analyzed context before it is persisted.
Audit Metadata