implementation-manager

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the `!command` syntax) within SKILL.md to execute shell and Python commands when the skill is loaded. These commands execute `uv run sam list` to display project features and run a Python snippet to extract active task state from local context files. This allows for automated command execution triggered by the agent simply loading the skill context.
  • [COMMAND_EXECUTION]: In scripts/get_task_context.py, the skill utilizes subprocess.run to call other Python scripts within its own directory structure (e.g., implementation_manager.py) to retrieve state information.
  • [REMOTE_CODE_EXECUTION]: The skill scripts, including implementation_manager.py and task_status_hook.py, modify sys.path to perform dynamic dependency loading from computed relative paths. It resolves and imports vendor modules such as backlog_core and sam_schema from directory paths located several levels above the skill's own root, which can lead to code execution from unintended locations if the filesystem structure is manipulated.
  • [PROMPT_INJECTION]: The skill processes untrusted task files from the project repository, creating a surface for indirect prompt injection.
      • Ingestion points: Reads Markdown and YAML task files (e.g., tasks-*.md, P*.yaml) from the project's plan/ directory.
      • Boundary markers: Data is delimited using standard YAML frontmatter markers (---).
      • Capability inventory: The skill has the ability to read and write to the filesystem, execute subprocesses, and interact with the GitHub API via internal dependencies.
      • Sanitization: The skill uses ruamel.yaml with the safe loader (typ='safe') to mitigate structured data injection, but it does not perform explicit sanitization of natural language fields (like task titles or context) before they are incorporated into the agent's reasoning path.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 08:41 AM