plan-orchestrate

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses 'git ls-files' to count source files and identify the primary project language. It also probes for configuration files (e.g., package.json, pyproject.toml) and checks for directory existence in the user's home folder to determine the correct command syntax for the environment. These operations are read-only and limited to local metadata for context detection.
  • [PROMPT_INJECTION]: The skill processes content from user-provided plan documents to generate commands. Although this represents an ingestion point for untrusted data, the risk of exploitation is mitigated by the skill's generative nature. Evidence chain: (1) Ingestion points: (SKILL.md); (2) Boundary markers: Absent; (3) Capability inventory: Read-only file access and local command execution (git ls-files) in SKILL.md; (4) Sanitization: The skill escapes double quotes in output task descriptions and uses a rigid Markdown template for the final output, providing structural resistance against instruction override.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 12:55 AM