flow-next-opencode-plan

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE

COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several command-line tools, including git, jq, and a bundled utility named flowctl located in the .opencode directory. It follows security best practices by requiring the use of quoted heredocs (<<'EOF') when passing generated content to shell commands, which prevents the shell from interpreting or executing any potentially malicious characters contained within the processed text.
  • [PROMPT_INJECTION]: The skill processes untrusted data from user requests and repository research to generate plans. It manages the risk of indirect prompt injection through its structured workflow:
      • Ingestion points: User-provided feature descriptions via $ARGUMENTS and external information retrieved by research subagents in steps.md.
      • Boundary markers: The use of quoted heredocs in steps.md acts as a security boundary to prevent command injection when writing plan files.
      • Capability inventory: The skill executes local CLI tools and modifies project state within the .flow directory.
      • Sanitization: The skill includes a mandatory automated review loop (/flow-next:plan-review) to validate the generated output for safety and correctness before finalization.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 09:07 AM