maestro-implement

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple local shell commands including git operations and specialized CLI tools (br, bv) for state management and analysis.
      • Evidence: Found in SKILL.md Step 4.5 and throughout reference/br-integration.md and reference/tdd-workflow.md (e.g., br init, git commit, pytest, jest).
  • [PROMPT_INJECTION]: The skill is designed to dynamically load and inject instructions from external SKILL.md files based on track metadata, creating a surface for indirect prompt injection.
      • Ingestion points: The skill reads .maestro/tracks/{track_id}/metadata.json to identify a list of skills, then loads the content of each referenced SKILL.md file.
      • Boundary markers: Injected content is wrapped in a ## SKILL GUIDANCE header, but lacks instructions for the agent to ignore potentially conflicting or malicious directives within those files.
      • Capability inventory: The agent has permissions to perform git commits, read/write local files, and execute arbitrary shell commands (test suites, server commands).
      • Sanitization: No validation or sanitization of the content within the referenced SKILL.md files is performed before injection into the prompt context.
      • Evidence: SKILL.md (Step 3.7) and reference/single-agent-execution.md (Step 6a.1.5).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 09:26 PM