infinite-agentic-loop-claude
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a repository from 'github.com/disler/infinite-agentic-loop.git' during installation. This source is external and not included in the pre-defined trusted vendor lists.
- [COMMAND_EXECUTION]: The skill configuration ('.claude/settings.json') explicitly enables 'allow_shell_commands' and 'allow_file_operations'. This grant of authority allows the agent to execute arbitrary shell commands and modify the filesystem, which is a powerful capability that could be abused if malicious instructions are processed.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its architecture of processing external specification files.
  - Ingestion points: Specification files (e.g., 'specs/invent_new_ui_v3.md') are ingested via the '/project:infinite' command and used to drive the generation logic.
  - Boundary markers: There are no boundary markers or 'ignore embedded instructions' warnings provided to distinguish the specification content from the agent's core instructions.
  - Capability inventory: The skill has access to shell execution ('allow_shell_commands') and file operations ('allow_file_operations') as defined in the project settings.
  - Sanitization: No sanitization or validation of the specification file content is mentioned or implemented, allowing any instructions within those files to potentially influence the agent's behavior.