autonomous-loops

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill describes patterns (Infinite Agentic Loop, Ralphinho DAG) that ingest untrusted external data such as specifications and RFC documents (specs/component-spec.md, RFC/PRD Document). This creates a surface for indirect prompt injection, where instructions hidden in these documents could influence the agent's behavior.
    • Ingestion points: Specification files (Markdown) in SKILL.md (Infinite Agentic Loop section) and RFC/PRD documents processed by orchestrator agents in the Ralphinho section.
    • Boundary markers: No specific delimiters or "ignore instructions" wrappers are defined in the provided patterns.
    • Capability inventory: Agents are granted broad capabilities including file system access (Write, Edit), shell access (Bash), and GitHub CLI integration (gh), as seen in the command examples.
    • Sanitization: No explicit sanitization or validation of the input specifications is described.
  • [COMMAND_EXECUTION]: The skill provides numerous examples of automating complex workflows using shell scripts and Claude Code commands. While these are intended for legitimate automation (TDD, CI/CD integration, PR management), they involve extensive execution of system commands such as claude -p, gh pr, and git worktree.
  • [EXTERNAL_DOWNLOADS]: The skill mentions the continuous-claude tool and suggests installing it from its repository. It correctly advises users to review the code before installation and warns against piping external scripts directly to bash, which is a security best practice.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:50 AM
Security Audit — agent-trust-hub — autonomous-loops