The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The skill includes a shell script scripts/resume.sh and instructions for the agent to use git commands. The shell script is used for status reporting and is restricted to local file reading using standard utilities like grep, sed, and git log. No arbitrary command execution or dangerous shell patterns were found.
[PROMPT_INJECTION] (SAFE): The skill implements a workflow that reads from IMPLEMENTATION_PHASES.md and SESSION.md. While these files represent an ingestion surface for potentially untrusted data (Indirect Prompt Injection), the skill's logic is focused on structured tracking and documentation. No evidence of malicious behavior or bypassing of agent constraints was found.
Ingestion points: The agent reads project planning and session state files during the /wrap-session and /continue-session workflows described in SKILL.md.
Boundary markers: The protocol uses markdown headers and specific key-value markers (e.g., **Next Action**:) to delineate data fields.
Capability inventory: The skill allows the agent to write to SESSION.md and perform git commit operations using its standard toolset.
Sanitization: Not applicable; the skill relies on the agent's internal logic to parse and generate markdown based on the provided templates.

project-session-management