workspace-planning

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of pyyaml via pip. This is a well-known and standard library for parsing YAML data.
  • [COMMAND_EXECUTION]: The skill executes a local script scripts/planning.py to perform deterministic operations like reviewing progress, updating statuses, and linking project changes. The script uses yaml.safe_load() to prevent YAML-based injection attacks.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: No network operations or unauthorized data access were identified. The script only interacts with project-specific YAML files in the planning/schedules/ directory.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes external YAML data, it employs a state machine to validate all status transitions and uses safe parsing methods, effectively mitigating risks associated with untrusted data ingestion.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 12:50 AM