NYC

plan-archive

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill constructs shell commands (rm -rf) to delete specific files within the ./plans/ directory. While this facilitates the skill's purpose, it executes commands based on local file naming.
  • [PROMPT_INJECTION] (LOW): Category 8: Indirect Prompt Injection surface. The skill processes data from the local environment that could contain instructions.
    1. Ingestion points: plan.md and phase-*.md files are read from the ./plans/ directory.
    2. Boundary markers: Absent; there are no instructions to the agent to treat plan content as passive data or to ignore embedded commands.
    3. Capability inventory: Shell execution (rm), Git operations (/commit, /git-cp), and subagent creation (journal-writer).
    4. Sanitization: Absent; file content is directly summarized into journal entries.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:43 PM