The Agent Skills Directory

[COMMAND_EXECUTION]: The skill dynamically generates plans containing verification steps and executes them via the Bash tool. This dynamic execution of generated logic creates a potential for unauthorized command execution if the plan generation process is influenced by malicious input.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from user task descriptions and local project files to drive its agentic workflow.
Ingestion points: Processes user-supplied task descriptions as arguments and reads existing project files such as .workflow/state.json and .workflow/project.md in Step 2 to define its actions.
Boundary markers: The instructions do not define any delimiters or safety prompts to prevent the agent from following instructions embedded within the processed task description or codebase data.
Capability inventory: The skill utilizes Bash for shell execution and Read, Write, and Edit for filesystem modifications across all scripts.
Sanitization: There is no explicit validation or sanitization of the input text or ingested file content before it is used to generate the execution plan and subsequent shell commands.

maestro-quick