skills/carvalab/k-skills/mula-refine/Gen Agent Trust Hub

mula-refine

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (SAFE): The skill is designed to read and process external data from the project workspace, including source code files and generated PRDs, creating a surface for indirect prompt injection if those files contain malicious instructions. However, the skill includes explicit 'Implementation: BLOCKED' guardrails and self-correction protocols to mitigate this risk.
      • Ingestion points: references/plan.md (reads package.json, tsconfig.json, and project files), references/refine.md (reads documents in .mula/outputs/).
      • Boundary markers: Uses 'MULA MODE' state assertions and explicit 'Implementation: BLOCKED' warnings in every reference file.
      • Capability inventory: Tools include Bash, Read, Grep, Glob, and Write.
      • Sanitization: Instructions include a 'Self-Correction Protocol' (DETECT → STOP → CORRECT → RESUME) to ensure the agent adheres to its planning role and avoids unintended code execution.
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool for project structure discovery (e.g., ls -R src). This is a legitimate use of the tool within the context of a technical planning assistant and is not used for arbitrary command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 09:47 PM