planning-with-files
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly exposes an indirect prompt injection surface by instructing the agent to save results from web searches and browser operations directly into 'findings.md' and then re-read those files to guide future decisions. This 'working memory' pattern is the primary purpose of the skill and is documented as a context engineering technique. No malicious instructions or bypass attempts were identified within the templates or guidelines.
- Ingestion points: External data enters the context through 'findings.md' and 'notes.md' via WebSearch and WebFetch tools.
- Boundary markers: The skill relies on standard markdown headers for structure but does not include explicit delimiters or instructions to ignore embedded commands in ingested data.
- Capability inventory: The skill has access to Bash, Write, and Edit tools, which are used to execute the plan.
- Sanitization: No sanitization or filtering is applied to the data written to the planning files.
- [COMMAND_EXECUTION]: The skill utilizes local shell scripts and hooks for lifecycle management. The 'scripts/init-session.sh' script automates the creation of planning templates, and 'scripts/check-complete.sh' uses grep to verify task status. These scripts are limited to benign file system operations and do not exhibit dangerous command injection or privilege escalation patterns.
- [EXTERNAL_DOWNLOADS]: No unauthorized remote code execution or suspicious downloads were found. A single reference link in 'reference.md' points to legitimate documentation on the 'manus.im' domain. The content contains some factually incorrect claims about corporate acquisitions, but these do not pose a security risk.
Audit Metadata