skills/ianphil/my-skills/autopilot/Gen Agent Trust Hub

autopilot

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates user-provided arguments directly into a subagent's system-level prompt (e.g., 'Implement Phase N for feature {feature-id}'). A malicious user could attempt to provide a feature ID that contains instructions to override or bypass the subagent's intended behavior.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it reads and parses {feature-path}/tasks.md from the local filesystem to determine the execution phases. If an attacker can influence the content of this file, they could inject instructions that are processed when the agent builds the implementation plan.
  • [COMMAND_EXECUTION]: The skill executes local shell commands such as git branch --show-current to resolve feature identifiers from the environment. It also provides instructions for the agent to execute further commands like uv run ruff and uv run pytest upon completion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:29 AM