skills/delexw/claude-code-misc/forge/Gen Agent Trust Hub

forge

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes bash scripts/uptodate.sh found within the target repository after creating a git worktree. This allows the execution of arbitrary code provided by the repository being processed.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically generates a new agent skill definition (SKILL.md) at runtime and subsequently invokes it. This 'dynamic skill generation' pattern creates new executable instructions based on external context.
  • [DATA_EXFILTRATION]: The create-branch.sh script automatically copies environment files such as .env and .env.local from the main repository to newly created worktree directories. This results in the movement and increased exposure of sensitive configuration and credentials.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from several external platforms including JIRA, Confluence, and Figma, as well as general web URLs via WebFetch. While these are well-known services, the retrieved data is used to drive the implementation process.
  • [COMMAND_EXECUTION]: The skill utilizes multiple CLI tools including git for worktree management, gh for GitHub interaction, and the entire CLI for environment setup. It also uses node to run internal utility scripts via lifecycle hooks.
  • [PROMPT_INJECTION]: The skill presents a significant surface for indirect prompt injection. It ingests large amounts of untrusted data from JIRA tickets, Confluence pages, and Figma designs which are synthesized into the implementation plan and the dynamic skill's prompt. There are no explicit sanitization steps or boundary markers in the skill generation template to mitigate instructions embedded in these external sources.
      • Ingestion points: JIRA ticket content (Phase 2), Confluence pages and GitHub data (Phase 3.2), Figma designs (Phase 3.2), and web content (Phase 3.2).
      • Boundary markers: Absent. The dynamic skill template does not include delimiters or 'ignore' instructions for the context files.
      • Capability inventory: The orchestrated skills have access to Read, Bash, and Write tools.
      • Sanitization: Absent. Content is summarized and then used directly in task calls.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 08:36 PM