popcorn-xp

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection through its multi-agent interaction model. Agents (Driver, Navigator, and Advisor) coordinate by writing to and reading from shared files (.popcorn-xp/LOG.md, .popcorn-xp/ADVICE.md) and exchanging messages via the SendMessage tool.
      1. Ingestion points: Agents read codebase content and user task instructions from the local filesystem.
      2. Boundary markers: The protocol defined in references/protocol.md instructs agents to treat peer messages as 'input, not instructions,' although 'OBJECTION' messages act as logical gates for task completion.
      3. Capability inventory: Teammate agents have full tool access, including FileEdit, Bash, and peer-to-peer SendMessage.
      4. Sanitization: No explicit sanitization or escaping of data exchanged between agents is implemented before it is processed by the LLM.
  • [COMMAND_EXECUTION]: The skill registers local shell scripts (hooks/scripts/check-advice-on-complete.sh, hooks/scripts/check-objections.sh, and hooks/scripts/remind-unread-advice.sh) as Claude Code hooks for the TaskCompleted, SubagentStop, and TeammateIdle events. These scripts analyze local session files using standard utilities like grep and sed to enforce the XP protocol. While they do not execute arbitrary user input directly, they represent a runtime execution surface for shell scripts within the workspace.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 05:37 PM