codexloop

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The run_shell_command function in cli.py executes shell commands using subprocess.run(..., shell=True). This includes verification commands generated by the AI planner and bootstrap or doctor commands defined in the local project configuration. Additionally, the init_repo function in cli.py performs a chmod(0o755) operation on the doctor.sh script to make it executable before it is called by the harness.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its reliance on untrusted repository data for task generation.
      • Ingestion points: The collect_planner_context function in cli.py aggregates file lists and content snippets from various repository locations (e.g., configs/, scripts/, docs/) to provide context to the AI.
      • Boundary markers: Data is enclosed in XML-style tags like <repo-context> and <implementation-plan> within the prompt strings defined in build_planner_prompt and build_worker_prompt.
      • Capability inventory: The skill can execute shell commands, manage git worktrees and branches, and modify repository files.
      • Sanitization: There is no validation or sanitization of the repository-sourced data to prevent embedded instructions from influencing the AI's task generation or injecting malicious shell commands into the generated task backlog.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 12, 2026, 02:58 AM