em

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands for environment auditing and file management. In workflows/plan.md, it runs git log, ls, and grep to gather context. In workflows/approve.md, it uses cp and mkdir to promote files to documentation directories.
  • [COMMAND_EXECUTION]: The workflows/allow.md file uses the vendor tool npx @codevoyant/agent-kit perms add to modify agent configuration files (e.g., ~/.claude/settings.json). This is used to pre-approve the skill's permissions for background execution, effectively bypassing runtime permission prompts for its own workflows.
  • [EXTERNAL_DOWNLOADS]: The skill relies on npx to execute @codevoyant/agent-kit. This package is a resource owned by the vendor (matching the author 'cloudvoyant') and is used for plan registration, permission management, and notifications.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) in workflows/plan.md and agents/linear-push-agent.md. It ingests untrusted data from Linear projects, issues, and external web search results (via Agent B) and interpolates this content into the prompts of background agents.
      • Ingestion points: Linear issue/project descriptions (plan.md Step 2), WebSearch results (plan.md Step 3.5).
      • Boundary markers: The skill uses some headings but lacks robust delimiters or 'ignore' instructions for untrusted data.
      • Capability inventory: Subprocess calls (npx, grep), file writes (plan.md Step 5), and network operations via MCP tools.
      • Sanitization: None detected for external content before prompt interpolation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 01:36 AM
Security Audit — agent-trust-hub — em