planning-with-files

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Privilege Escalation] (HIGH): The Stop hook in SKILL.md utilizes -ExecutionPolicy Bypass for both pwsh and powershell. This flag is a security bypass that instructs the system to ignore execution policies designed to prevent the running of unauthorized or untrusted scripts on Windows.
  • [Unverifiable Dependencies] (MEDIUM): The skill references and automatically executes multiple scripts (check-complete.sh, check-complete.ps1, session-catchup.py) from a computed directory. These scripts are not included in the provided source files for auditing, representing a risk of unverified code execution via automated hooks.
  • [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection through its automated planning file ingestion.
      • Ingestion points: The PreToolUse hook automatically reads the first 30 lines of task_plan.md into the agent's context window before every tool use.
      • Boundary markers: Absent. The content of the file is directly injected into the context without delimiters or instructions to treat it as untrusted data.
      • Capability inventory: The agent has access to powerful tools including Bash command execution, file system modification (Write, Edit), and network access (WebFetch).
      • Sanitization: Absent. The skill does not perform any validation or escaping of the ingested text before it enters the attention window.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 20, 2026, 04:59 PM