kata-remove-phase

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs destructive file system operations, including rm -rf and mv. These operations rely on variables (${PHASE_DIR}, ${SRC}) derived from searching the file system and parsing project documents such as ROADMAP.md and STATE.md. There is a risk of unintended file deletion if those paths are maliciously crafted or incorrectly parsed.
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script (node scripts/kata-lib.cjs) and invokes another skill (kata-doctor). This assumes the presence and security of local project scripts, which the skill itself does not verify.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8).
      • Ingestion points: The skill reads and parses data from .planning/ROADMAP.md and .planning/STATE.md to determine which phases to remove and renumber.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present when the contents of these files are processed.
      • Capability inventory: The agent can delete directories (rm -rf), move files and directories (mv), and commit changes to version control (git commit).
      • Sanitization: Data read from external files receives minimal sanitization before it is used in shell commands. Running find and grep on user-controlled or file-derived strings without strict escaping presents a command injection surface.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 11:59 AM