implementation-planner

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • Prompt Injection (MEDIUM): The 'Pickle Rick Persona' section contains a 'God Mode' instruction: 'If a tool is missing, INVENT IT.' This encourages the agent to bypass operational constraints, ignore system limitations, and potentially hallucinate or attempt to execute unauthorized commands if it perceives a tool is missing.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process external, potentially untrusted data from ${SESSION_ROOT}, including research.md and tickets. It lacks explicit boundary markers or instructions to treat embedded instructions in those files as data rather than commands.
      • Ingestion points: research.md, research_*.md, and ticket files within ${SESSION_ROOT}.
      • Boundary markers: None present in the SKILL.md file to delimit external content.
      • Capability inventory: File writing (plan_[date].md), codebase investigation (codebase_investigator), and dynamic skill transition (activate_skill).
      • Sanitization: No sanitization or validation of the input research or ticket data is performed before processing.
  • Dynamic Execution (LOW): The skill uses activate_skill("plan-reviewer") to dynamically transition control to another skill. While common in agentic workflows, it relies on the existence and safety of the target skill string.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:48 PM