while-true
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistent 'ACTIVE_UNTIL_STOP' mode that changes standard agent behavior, compelling it to continue autonomous execution based on triggers like 'while true', 'non-stop', or 'keep going' until an explicit 'stop' is received.
- [PROMPT_INJECTION]: The 'Execution Continuity Contract' explicitly forbids the agent from stopping after status reporting, mandating that it must start the next task before emitting a checkpoint response, which reduces the opportunity for human intervention.
- [PROMPT_INJECTION]: The 'Reality-over-plan rule' and 'Situation Assessment Protocol' instruct the agent to prioritize information found in the current repository state (files, logs, and uncommitted work) over previous instructions, creating a vector where malicious data in the workspace can influence the agent's logic.
- [COMMAND_EXECUTION]: The skill grants the agent the authority to autonomously select and execute tasks, including reading files, running validation commands, and making code edits, without requiring per-step approval while in the 'while-true' loop.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from repository files (ROADMAP.md, PLAN.md, TODO.md) to derive its next actions.
  - Ingestion points: Processes content from canonical plan files, modified files, failing tests, and logs (SKILL.md).
  - Boundary markers: None specified for delimited content or ignoring embedded instructions.
  - Capability inventory: Capable of reading/writing files and executing validation commands (SKILL.md).
  - Sanitization: No evidence of sanitization or validation of the ingested content before it influences the execution loop.