The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands, specifically 'git tag' and 'git commit', which are necessary for its primary function of archiving project versions.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by reading and incorporating data from untrusted project files such as phase SUMMARY.md and ROADMAP.md files. Ingestion points: Accomplishments and statistics are extracted from various files in the .planning directory. Boundary markers: The skill lacks explicit markers or instructions to isolate or ignore potentially malicious commands embedded in the ingested text. Capability inventory: The skill has access to Read, Write, and Bash tools, which could be leveraged if a prompt injection attack is successful. Sanitization: Extracted content is utilized directly in templates and git messages without verification or sanitization.

gsd-complete-milestone