The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes Bash scripts and tools like jq and sed to manage project directories and state files.
Evidence: Stage 3 and Stage 4 use Bash loops to scan directories and jq to query state.json. Stage 10 uses mv to move directories.
Safety Note: The skill uses safe practices such as passing shell variables to jq using the --arg flag and quoting directory paths in shell commands.
[DATA_EXFILTRATION]: No network operations or sensitive data access (like SSH keys or credentials) were detected. The skill operates strictly on project-specific files such as TODO.md, specs/state.json, and directory structures within the workspace.
[INDIRECT_PROMPT_INJECTION]: The skill reads from potentially untrusted files (e.g., reports, summaries) to suggest 'memories'.
Ingestion points: reports/, plans/, and summaries/ directories.
Capability inventory: Edit, Write, Bash tools.
Mitigation: The skill incorporates a mandatory human-in-the-loop step via the AskUserQuestion tool before applying suggestions or creating memory files, significantly reducing the risk of automated exploitation.

skill-todo