The Agent Skills Directory

[SAFE]: The skill implements a robust security model for processing untrusted implementation plans. It uses a multi-stage subagent pipeline that centralizes untrusted file reading and sanitization in a dedicated subagent (plan-snapshotter), which redacts credentials and summarizes content to prevent malicious instruction propagation.\n- [PROMPT_INJECTION]: The skill manages a surface for indirect prompt injection via the processing of untrusted local files. This surface is evaluated as safe due to strong design mitigations. Ingestion points include PLAN_PATH and SOURCE_CONTEXT_PATHS. Boundary markers are provided via explicit instructions to treat these files as data and ignore embedded tool requests or instructions. The capability inventory is limited to Read, Write, and Task tools. Sanitization is performed by the plan-snapshotter subagent, which redacts secrets and provides summarized excerpts rather than verbatim content propagation.\n- [SAFE]: No high-risk operations were identified. The skill does not access the network, does not execute arbitrary code or shell commands, and operates within a restricted set of local file operations.

validate-implementation-plan