executing-jira-task

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill's task-executor and documentation-writer subagents are designed to execute shell commands for running test suites (e.g., vitest) and performing git operations like staging and committing code. These commands are essential for the skill's primary function of implementing and documenting software tasks within a local development environment.
  • [PROMPT_INJECTION]: The skill ingests external data from Jira ticket snapshots and task plans stored in the docs/ directory, creating a surface for indirect prompt injection. Malicious instructions embedded in Jira tickets could potentially influence the agent's implementation or documentation behavior. This risk is mitigated by the inclusion of a mandatory security-auditor gate that specifically reviews committed changes for unsafe patterns. Mandatory Evidence Chain:
      1. Ingestion points: docs/<TICKET_KEY>.md (Jira ticket snapshot).
      2. Boundary markers: Absent in the instructions for processing ticket data.
      3. Capability inventory: Shell command execution for tests and git operations across all specialist scripts.
      4. Sanitization: Absent in the prompt logic for ticket data processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 03:15 PM