ralph-kage-bunshin-architect
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs read-only architectural reviews of local project files. It contains explicit instructions prohibiting the agent from writing code, modifying source files, or reassigning tasks, ensuring a limited and safe operational scope.
- [CREDENTIALS_UNSAFE]: The skill proactively manages credential safety by directing the agent to extract only non-sensitive fields from worker state files and forbids echoing raw data that might contain secrets.
- [COMMAND_EXECUTION]: The skill uses curl to send POST requests containing review verdicts to a local endpoint (127.0.0.1). This communication is restricted to the local environment and is used for workflow coordination.
- [PROMPT_INJECTION]: The skill has an indirect prompt-injection surface, since it processes several external data sources that could contain embedded instructions.
  - Ingestion points: Data is read from multiple local files, including .ralph/SPEC.md, CLAUDE.md, and project source code.
  - Boundary markers: No specific delimiters or instructional headers are used to separate untrusted data from the agent's logic.
  - Capability inventory: The skill's capabilities are restricted to file reading and local network communication via curl; it lacks dangerous tools such as arbitrary shell execution on untrusted input or file-write access.
  - Sanitization: Mitigation is limited to explicit instructions for filtering fields when reading project state files.
Audit Metadata