gsd-debug

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes vendor-provided scripts located within the platform directory for state management and model resolution.
  • Evidence: The skill calls node {{PLATFORM_ROOT}}/get-shit-done/bin/gsd-tools.cjs to load state and resolve models.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by passing untrusted user input to subagents via the Task tool.
  • Ingestion points: Data enters via the $ARGUMENTS variable and responses from the AskUserQuestion tool in SKILL.md.
  • Boundary markers: The skill uses XML-style tags such as <symptoms> and <checkpoint_response> to delimit user data within the prompt.
  • Capability inventory: The skill and its subagents have access to powerful tools including Bash, Read, and Task, so a successful injection could run shell commands, read files, and spawn further subagents.
  • Sanitization: There is no evidence that the {slug} or the prefilled symptoms are validated or sanitized before they are interpolated into the subagent prompts or used to build file paths, so a slug containing path separators or a symptoms string containing a closing delimiter tag would reach those contexts unchanged.
  • [COMMAND_EXECUTION]: Uses bash commands to check for and list debugging session files in a local directory.
  • Evidence: Executes ls .planning/debug/*.md 2>/dev/null | grep -v resolved | head -5 to list up to five unresolved debugging sessions as part of state management.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 07:07 PM