The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses dynamic context injection via the !date and !ls commands to fetch current system information when the skill is loaded. These commands are used for innocuous purposes but involve executing shell code at load time.
[COMMAND_EXECUTION]: User-provided $ARGUMENTS are used to construct file system paths for writing and searching documents (e.g., docs/{project}/). This presents a potential path traversal vulnerability if the agent or platform does not adequately sanitize the project and slug identifiers.
[PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by ingesting data from external files. Ingestion points: Files matching docs/{project}/*.md and templates in @_templates/. Boundary markers: None identified. Capability inventory: Uses Bash, Write, and Edit tools to modify the file system and log entries. Sanitization: No explicit sanitization or validation of the ingested file content is specified.

doc