implement-with-feedback

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest external content (a plan file passed as $1) and user-supplied arguments.
      • Ingestion points: The $ARGUMENTS variable and the plan file $1 are used to name branches and generate the content of the WIP implementation file.
      • Boundary markers: There are no delimiters or instructions to ignore embedded commands within the plan file.
      • Capability inventory: The skill possesses significant capabilities including filesystem writes (creating and updating WIP files) and shell command execution (git status, git pull, git checkout, git add, git commit).
      • Sanitization: No sanitization or validation of the plan file's contents or the user arguments is performed before they are incorporated into the workflow.
  • [Command Execution] (MEDIUM): The skill automates several Git operations. These are standard for developers, but an agent executing git pull involves network activity and the ingestion of remote code, and git commit and git checkout modify the local repository state. Because branch names derived from user input are not validated, this could lead to argument injection in the git commands.
  • [Logic Inconsistency] (LOW): There is a discrepancy in the documentation: Phase 3 Step 1 specifies creating a file in docs/plans/, but the subsequent command block in Step 3 attempts to commit a file from docs/wip/. This inconsistency could lead to unintended file structures or execution errors.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:13 AM