rpi (skills/boshu2/agentops/rpi)

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface identified in the workflow iteration logic.
  • Ingestion points: The skill reads findings from council reports in .agents/council/*.md and follow-up items from .agents/rpi/next-work.jsonl.
  • Boundary markers: Absent. The skill interpolates parsed strings (like titles and failure reasons) directly into subsequent commands without delimiters or 'ignore' instructions.
  • Capability inventory: The system can execute shell commands, read/write files, and invoke other powerful skills such as /plan, /crank, and /rpi.
  • Sanitization: Absent. There is no evidence of validation or escaping for data harvested from files before it is used in command arguments.
  • Evidence: references/gate-retry-logic.md (lines 20-33) and references/gate4-loop-and-spawn.md (lines 33-40) demonstrate the extraction of findings and titles that are immediately used as arguments for new cycles.
  • [COMMAND_EXECUTION] (SAFE): The provided scripts and documentation utilize standard shell utilities (ls, grep, wc, git, basename) for workspace management. These calls are local in scope and serve the primary purpose of the tool.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill documentation references local Python and Shell scripts (e.g., scripts/rpi/run-shard.py), but no remote downloads or piped execution from external URLs were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 01:54 PM