plan-driven-change

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill performs project discovery in Phase 0 by reading untrusted files such as README, package.json, and CI configurations to identify project conventions and commands. This presents an indirect prompt injection surface where malicious instructions embedded in those files could attempt to influence the agent's behavior during planning or implementation. Ingestion points: Project configuration and documentation files (discovered in Phase 0). Boundary markers: Explicit user approval is required for both the intent block (Phase 1) and the plan document (Phase 2) before implementation begins. Capability inventory: File system write access for creating plan files and command execution for running build, lint, and test scripts. Sanitization: No explicit sanitization or validation of the discovered project content is mentioned.
  • [COMMAND_EXECUTION]: During the implementation and gap audit phases (Phase 3 and Phase 4), the skill identifies and executes project-specific commands for building, linting, and testing. The safety of these operations is dependent on the security of the script definitions and binaries found within the target repository's configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:37 AM