planify

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions in README.md and CLAUDE.md recommend using bash <(curl ...) and iex (PowerShell) to execute remote scripts directly from a personal GitHub repository (jayli/plan-kit). This pattern allows for arbitrary code execution on the host machine from an untrusted source.
  • [EXTERNAL_DOWNLOADS]: The install.sh and install.ps1 scripts download multiple markdown and JSON configuration files from an external repository to the local file system during setup.
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to perform extensive file system operations, including reading and writing SKILL.md files, creating directories for task persistence, and modifying the project's .gitignore file. These actions are performed based on dynamically computed paths from settings.json and user input.
  • [PROMPT_INJECTION]: The skill uses specific instructions to manipulate agent state, such as explicitly telling the AI to "forget previous context" and "strictly follow" the file-based workflow, which are markers often used to override default agent behaviors.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting and transforming external SKILL.md files and user-provided tasks.
      • Ingestion points: Target skill SKILL.md files (Task 2) and user-provided task prompts (Phase B).
      • Boundary markers: Absent. The skill merges template logic directly with the content of the target files.
      • Capability inventory: The skill utilizes read_file, write_file, edit_file, and list_dir to modify local project files.
      • Sanitization: Absent. The skill does not validate or sanitize the content of the target files or user prompts before integrating them into its execution logic.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/jayli/plan-kit/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 12, 2026, 06:36 AM