skill-neovim-implementation

Fail

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs unsafe shell variable interpolation in Stages 2 and 7 when calling jq. Specifically, the $task_number variable is placed outside of single quotes within a shell command string (e.g., '... == '$task_number')'), allowing for shell command injection if the variable contains spaces or shell metacharacters.
  • [COMMAND_EXECUTION]: The skill is vulnerable to path traversal. The variable project_name is extracted from specs/state.json and used to construct file paths for directories and files (e.g., specs/${padded_num}_${project_name}/...) in multiple stages (1, 3, 6, 7, 10). Lack of validation allows an attacker to manipulate file paths to read, write, or delete files outside the intended directory structure.
  • [COMMAND_EXECUTION]: The use of git add -A followed by a commit is a risky pattern as it may inadvertently stage and commit sensitive files or untracked credentials present in the repository.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from external files (specs/state.json and plan files) and passes this content into the prompt for the neovim-implementation-agent subagent without sanitization or boundary markers.
      • Ingestion points: specs/state.json and implementation plan files located in specs/ (e.g., specs/{NNN}_{SLUG}/plans/implementation-001.md).
      • Boundary markers: Absent. The prompt instructions in Stage 5 do not use delimiters or instructions to ignore embedded commands in the interpolated variables.
      • Capability inventory: The skill has access to Bash (executing shell commands), Write/Edit (modifying files), and the Task tool (spawning subagents).
      • Sanitization: None. Data from state.json (such as description or project_name) is used directly in prompts and shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 27, 2026, 12:36 AM