The Agent Skills Directory

[SAFE]: The skill does not contain any malicious patterns, obfuscation, or unauthorized data access. All operations are local to the project's designated todo directories.
[COMMAND_EXECUTION]: Uses standard shell commands like mkdir and mv for directory creation and file management. These are used only when native tool equivalents are unavailable, which is consistent with the skill's file-based management purpose.
[PROMPT_INJECTION]: Analyzed for indirect prompt injection surfaces as the skill reads external markdown files.
Ingestion points: Reading todo files from .context/compound-engineering/todos/ and todos/ during triage and completion workflows.
Boundary markers: The skill uses a structured markdown template and YAML frontmatter to separate metadata from task content.
Capability inventory: Tool access is limited to file manipulation and basic directory management; the disable-model-invocation: true flag prevents the agent from autonomously calling other skills or tools based on file content.
Sanitization: No explicit content sanitization is performed, but the restricted toolset and platform-level constraints effectively mitigate the risk of accidental instruction obedience.

todo-create