The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes git rev-parse commands to discover the repository root and branch name. These are standard, low-risk operations used to scope the skill's activities to the current project directory.\n- [DATA_EXFILTRATION]: While the skill saves conversation transcripts to the local filesystem, it incorporates a comprehensive redaction mechanism. It is instructed to identify and mask secrets such as API_TOKEN, PRIVATE_KEY, and Authorization headers, significantly reducing the risk of accidental credential exposure in the logs.\n- [PROMPT_INJECTION]: The skill stores untrusted user data in markdown files, creating a potential surface for indirect prompt injection. Ingestion points: Conversation history and user-supplied slash commands (SKILL.md). Boundary markers: Structured markdown templates for journals, decisions, and observations (references/guidelines.md). Capability inventory: Shell command execution via git and local filesystem writes (SKILL.md). Sanitization: Includes specific rules to redact sensitive tokens and credentials from the stored content (references/guidelines.md).

dev-journal