development-contract-repo-overlay-template

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to run shell scripts found within the target repository, such as 'bash scripts/check-change-contracts.sh' and 'bash scripts/set-feature-record-lifecycle.sh'. While standard for development workflows, this execution relies on the integrity of the scripts in the local environment.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) because it processes untrusted project data to determine execution steps.
    * Ingestion points: The agent reads the repository's policy file and touched files (e.g., SKILL.md) to guide its workflow.
    * Boundary markers: The instructions lack explicit delimiters or warnings to ignore commands or instructions embedded within the ingested files.
    * Capability inventory: The agent has the capability to execute shell commands and modify repository files based on the policy content.
    * Sanitization: There is no requirement for sanitization or validation of the input files before they influence the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 08:09 AM