The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill identifies and processes untrusted data from project files to resume workflows, creating a surface for indirect prompt injection.
Ingestion points: The skill reads .continue-here.md (YAML and Markdown), creative briefs, parameter specifications, and architecture documents in context-parsing.md and continuation-routing.md.
Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are mentioned when interpolating file content into the summary presented to the user.
Capability inventory: The skill can execute local shell commands (cat, grep, find, git log, git diff, git add, git commit) and invoke other skills (plugin-workflow, plugin-ideation, ui-mockup, plugin-improve, plugin-lifecycle, plugin-testing).
Sanitization: No sanitization or validation logic is specified for the narrative markdown content extracted from handoff files before it is processed by the agent.
Command Execution (SAFE): The skill uses various shell commands for local environment inspection and workflow management.
Evidence: File error-recovery.md and handoff-location.md utilize find, grep, and git to locate assets and infer state. These are standard operations for a development-oriented agent and do not include high-risk patterns like sudo or remote script execution.

context-resume