planning-with-files
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local helper scripts ('scripts/init-session.sh' and 'scripts/check-complete.sh') to initialize work environments and verify task completion. These scripts use fixed logic for file creation and text searching (grep) and do not perform network requests or handle unsanitized external commands.
- [PROMPT_INJECTION] (LOW): An indirect prompt injection surface is present because the 'PreToolUse' hook automatically cats the contents of 'task_plan.md' into the agent's context before Write, Edit, or Bash operations.
  1. Ingestion points: 'task_plan.md' is read automatically via hooks and verification scripts.
  2. Boundary markers: Content is injected into the context without delimiters or warnings to ignore embedded instructions.
  3. Capability inventory: The skill enables high-privilege tools including 'Bash', 'Write', 'WebSearch', and 'WebFetch'.
  4. Sanitization: No validation or escaping is performed on the planning files, which can be modified by the agent or potentially by external processes, allowing malicious instructions to be staged in the plan and executed in subsequent loops.
Audit Metadata