ashie-agents-methodology
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to manage local configuration files for agent behavior. It follows a transparent workflow requiring user approval, diff previews, and backups before applying any changes to the filesystem.
- [DATA_EXPOSURE]: The provided template specifically includes instructions for the agent to avoid printing full token values, environment dumps, or credential paths, which is a positive security practice.
- [COMMAND_EXECUTION]: While the skill references various CLI tools (rg, jq, gh, terraform, etc.), it does not execute them automatically. Instead, it instructs the agent to inform the user how to install them if missing.
- [INDIRECT_PROMPT_INJECTION]: The skill processes existing AGENTS.md files which could contain untrusted instructions. However, it implements boundary markers (BEGIN/END hooks) and manual review steps (showing diffs/summaries) to mitigate risks of unintended instruction adoption.
Audit Metadata