The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill facilitates the creation of project-specific markdown files based on user-defined tasks, creating a surface where malicious instructions could be stored and later interpreted by an agent. * Ingestion points: User input is used to generate file names and the markdown content of task lists in 'SKILL.md'. * Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions within the generated content. * Capability inventory: The impact is significantly mitigated by the 'allowed-tools' list (Read, Glob, Grep), which are read-only and prevent the agent from performing destructive actions. * Sanitization: Absent; the skill does not suggest any validation or escaping of user input.
[Safe Practices] (SAFE): The skill contains explicit instructions to avoid writing files to sensitive or internal directories such as '.claude/', which reduces the risk of credential exposure or configuration corruption.
[No Code] (SAFE): This skill contains no executable scripts or binary files, relying solely on natural language instructions and built-in agent tools.

plan-writing