
do

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The hooks/verify-loop.py script executes commands retrieved from the verify_commands field of task.json using subprocess.run(shell=True). This creates a path for arbitrary command execution if the task configuration file is modified.
  • [COMMAND_EXECUTION]: The scripts/task.py script executes git commands via subprocess.run to manage git worktrees and branch creation during the development phase.
  • [EXTERNAL_DOWNLOADS]: The agent definitions for code-architect, code-explorer, and code-reviewer are granted access to WebFetch and WebSearch tools, enabling them to interact with external web resources.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted codebase data and user requirements to formulate agent prompts.
      • Ingestion points: The scripts/get-context.py script and code-explorer agent read contents from the local codebase; scripts/setup-do.py captures the initial user task description.
      • Boundary markers: No explicit delimiters or instruction-ignore warnings are implemented when interpolating codebase data into agent prompts.
      • Capability inventory: The skill utilizes subprocess.run and provides agents with Bash, KillShell, and BashOutput capabilities.
      • Sanitization: The provided scripts do not perform sanitization or escaping of the ingested codebase content before prompt interpolation.
  • [SAFE]: The install.py script registers a persistent Stop hook in the user's ~/.claude/settings.json. This is used legitimately to maintain the state of the 5-phase workflow across agent sessions.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 27, 2026, 09:22 AM