cto-plan-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from local project files, which creates a surface for indirect prompt injection.
    - Ingestion points: Reads and analyzes plan.md, spec.md, conductor/tech-stack.md, and conductor/product.md.
    - Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the context loaded from these files.
    - Capability inventory: The skill can invoke other internal skills (cto-advisor, context-loader, plan-critiquer) and appends review reports to plan.md, potentially allowing a malicious plan to influence subsequent agent actions.
    - Sanitization: No sanitization, validation, or escaping of the content processed from project files is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 04:11 AM