plan-first

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface, as it is designed to analyze project files like README.md and package.json, which could contain malicious instructions. However, the risk is mitigated by a mandatory human-in-the-loop approval process.
    * Ingestion points: Project structure and configuration files analyzed in Phase 1.
    * Boundary markers: Explicit requirement for human approval (YES) of the TODO.md file before proceeding to Phase 5.
    * Capability inventory: File writing and command execution during Phase 5.
    * Sanitization: Relies on user verification of the planning output.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 27, 2026, 07:06 PM