workflow-plan

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform filesystem operations such as directory creation (mkdir -p), searching for files (find), and listing active sessions. It also executes ccw cli and ccw spec commands for codebase analysis and constraint loading.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted data from the local codebase and user-provided requirement files. This data is interpolated into prompts for sub-agents like context-search-agent and action-planning-agent to generate implementation plans and executable task JSONs.
    • Ingestion points: Reads contents from the codebase during context gathering (Phase 2), conflict resolution (Phase 3), and verification (Phase 5).
    • Boundary markers: Uses structured formats like JSON and specific Markdown sections to organize data, but lacks explicit "ignore embedded instructions" delimiters for all codebase-derived inputs.
    • Capability inventory: The skill has significant capabilities including Bash execution, Write/Edit access to the filesystem, and the ability to spawn sub-agents.
    • Sanitization: While it uses structured planning notes and prioritized context tiers, it does not explicitly sanitize codebase content before passing it to LLM-driven sub-agents.
  • [DATA_EXPOSURE]: The skill performs extensive codebase scanning and metadata extraction to create context-package.json. While this is intended for its primary purpose of planning, it involves reading sensitive structural information and dependency graphs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:35 AM