skill-planner

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses unsafe shell interpolation for the $task_number variable within jq filter strings in Stage 2, Stage 7, and Stage 8 (e.g., select(.project_number == '$task_number')). This allows for injection into the jq logic or the surrounding shell command if the task number is not strictly validated as a numeric value.
  • [COMMAND_EXECUTION]: Stage 3 utilizes unquoted variable interpolation within a shell heredoc (cat > ... << EOF) for ${session_id} and ${task_number}. This is a potential command execution vector if these variables contain shell metacharacters such as backticks or command substitution syntax.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.
      • Ingestion points: The skill reads task metadata from specs/state.json and parses subagent-generated results from .return-meta.json.
      • Boundary markers: No delimiters or instructions are used to distinguish external data when it is processed and stored.
      • Capability inventory: The skill possesses significant capabilities via the Bash tool (including git operations, jq processing, and filesystem manipulation), as well as the ability to modify project documentation via Edit.
      • Sanitization: There is an absence of sanitization for string content (e.g., project names, artifact summaries) before these values are interpolated into shell commands or git commit messages.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 08:55 PM