Gen Agent Trust Hub security audit: skills/boshu2/agentops/goals

Verdict: Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's architecture creates a surface for indirect prompt injection by ingesting and executing instructions from local project data.
    • Ingestion points: Data is ingested from GOALS.md, GOALS.yaml, git logs, and the .agents/ directory (specifically retrospectives, council verdicts, and learnings).
    • Boundary markers: No explicit delimiters or instructions to ignore malicious embedded content are defined for the goal check commands or directive descriptions.
    • Capability inventory: The skill executes arbitrary shell commands defined in the 'check' field of goals via the ao CLI and can perform automated file modifications through its steering and initialization modes.
    • Sanitization: There is no mention of sanitization or safety validation for the user-defined shell commands before they are invoked by the system.
  • [COMMAND_EXECUTION]: The skill uses the ao CLI tool to execute shell commands for measuring goal satisfaction and performing structural maintenance on project files.
  • [DATA_EXFILTRATION]: The skill provides an export mode that outputs project fitness snapshots and metrics to the agent's output stream, facilitating data sharing with CI/CD and external monitoring tools.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 23, 2026, 08:51 PM
Security Audit — agent-trust-hub — goals