mission-orchestrator

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The 'Post-Phase Backlog Triage' logic in modules/phase-routing.md instructs the agent to automatically create GitHub issues using the gh CLI. It interpolates text extracted from project artifacts (such as docs/project-brief.md or docs/specification.md) directly into the command line arguments for the issue title and body. If these artifacts contain shell-sensitive characters (e.g., backticks, subshells, or command separators), it could lead to arbitrary command execution on the host system.
  • [PROMPT_INJECTION]: The modules/adaptive-constraints.md file defines a 'User Directive Override' mechanism that recognizes phrases such as 'ignore scope guard', 'be autonomous', and 'don't ask' to switch the governance profile to 'Minimal'. This profile strips several security and quality checks, including scope-guard evaluations and bias audits. While a 'Safety Floor' is documented to prevent the bypass of destructive operations, this system creates a pattern where user-supplied or potentially injected instructions can weaken the agent's internal constraints.
  • [DATA_EXPOSURE]: The automated creation of GitHub issues based on 'Out of Scope' sections in local project documentation could lead to the unintentional exfiltration or public exposure of sensitive internal project details if the agent does not properly sanitize or review the content before transmission.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 07:37 AM