context-discovery

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an Indirect Prompt Injection surface by requiring the agent to ingest and strictly obey instructions found in project-local files. It explicitly commands the agent to treat these files as "Mandatory" and "Critical," stating that internal training data is "outdated" compared to this external context.
      • Ingestion points: Reads navigation.md, .oac.json, and priority files (e.g., code-quality.md, security-patterns.md) from the resolved context_root and project directories.
      • Boundary markers: Absent. There are no delimiters or specific instructions to the agent to sanitize or ignore instructions embedded within the loaded context files.
      • Capability inventory: Capability to read files, execute tool-based slash commands (/context-discovery), and delegate tasks with the loaded context to other agents (coder-agent).
      • Sanitization: Absent. No evidence of content validation or filtering for the external context files before they are processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses specific tool-based commands and file-read operations to implement the discovery protocol.
      • Evidence: Commands such as /context-discovery and instructions to Read: {context_root}/... are used to interact with the environment.
      • Evidence: The discovery protocol checks the user's home directory path ~/.claude/context/navigation.md for global configurations.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references a mechanism for downloading external context bundles.
      • Evidence: The /install-context command is described as a way to "download context first" or "download standard context bundles."
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 07:08 PM