The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill utilizes hardcoded shell commands to manage internal state and verify file existence. Evidence: references/resume-project.md contains bash scripts using ls, cat, and find to check the .planning/ directory. These operations are limited to a specific local path, which restricts the potential for arbitrary command execution.
[PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection by design. Ingestion points: It reads content from STATE.md, PROJECT.md, and .continue-here*.md files within the references/resume-project.md workflow. Boundary markers: Analysis shows no delimiters or specific 'ignore embedded instructions' warnings are applied to the data read from these files. Capability inventory: The skill has the ability to execute shell commands, write to the filesystem (STATE.md), and route the user to further workflows. Sanitization: No sanitization or validation of the ingested file content is performed before the data is presented to the agent or used to determine next actions.

kata-resume-work