The Agent Skills Directory

[COMMAND_EXECUTION]: The primary dispatcher in SKILL.md dynamically selects and executes workflow logic from the workflows/ directory based on user input (workflows/{VERB}.md).
[CREDENTIALS_UNSAFE]: The allow workflow (workflows/allow.md) uses npx @codevoyant/agent-kit to modify the global configuration file at ~/.claude/settings.json. This action adds the skill to the permitted list to bypass security prompts during background execution.
[COMMAND_EXECUTION]: The approve workflow (workflows/approve.md) and the Linear synchronization documentation (agents/linear-initiative-sync.md) utilize the mcp__claude-in-chrome__javascript_tool to execute arbitrary JavaScript (window.location.href) in a browser context. This is used to bypass platform navigation dialogs.
[EXTERNAL_DOWNLOADS]: Several research agents (competitive-researcher.md, ideation-researcher.md, market-researcher.md, user-problems-researcher.md) perform automated web research using WebSearch and WebFetch to ingest content from arbitrary external domains, including competitor websites and community forums like Reddit and HackerNews.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves data from untrusted external websites and synthesizes this information into project artifacts like roadmaps and PRDs. Maliciously crafted content on target websites could potentially manipulate the agent's reasoning or instructions during the synthesis and approval phases.
[COMMAND_EXECUTION]: The skill frequently executes the @codevoyant/agent-kit package via npx for state management and notifications. While this is a vendor-provided tool, it represents a reliance on external executable code during runtime operations.

pm