The Agent Skills Directory

[PROMPT_INJECTION]: The skill implements an automated orchestration loop that processes external milestone files, creating a surface for indirect prompt injection.
Ingestion points: Task definitions and state information are loaded from state.md and files within the milestones/ directory.
Boundary markers: The skill does not provide instructions to the agent to treat milestone content as untrusted or to ignore instructions embedded within those files.
Capability inventory: The skill manages file system operations and invokes high-capability skills such as run-plan and plan-crafting to execute tasks.
Sanitization: There is no evidence of validation or filtering of the milestone content before it is used to compose context briefs for planning and execution.
Mitigation: The workflow includes multiple 'Hard Gates' that require explicit user confirmation before starting planning, execution, or review phases, which serves as a primary safeguard against the autonomous execution of malicious instructions.

long-run