planning-patterns

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by instructing the agent to generate implementation plans from untrusted user requirements. These plans are intended to be 'executable without asking questions' by subsequent agent sessions, so instructions embedded in the inputs can be carried into the plan and acted on without review.
  • Ingestion points: User-provided feature names, goals, architecture descriptions, and design documents (referenced in SKILL.md).
  • Boundary markers: The plan templates use Markdown headers and blockquotes, but they neither delimit interpolated content explicitly nor instruct the agent to ignore directives that may be injected within it.
  • Capability inventory: The skill encourages the inclusion of shell commands (npm, git, docker, curl, python3) and file system operations (Write, Bash) within the generated plans.
  • Sanitization: There are no instructions for sanitizing or validating user-provided strings before they are incorporated into the shell commands or code blocks of the generated plan.
  • [COMMAND_EXECUTION]: The skill provides explicit examples and instructions for using the Bash tool to perform system operations, such as directory creation (mkdir -p docs/plans), and templates for running development tools such as npm test and docker compose. It also references a custom runner script, plugins/cc10x/scripts/cc10x_live_harness_runner.py, for executing 'live verification' scenarios.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 06:28 AM