implement

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external planning documents.
  • Ingestion points: Loads implementation steps and requirements from {plan-folder}/plan.md and {plan-folder}/phase-*.md.
  • Boundary markers: Absent; the agent interprets the plan content directly as instructions without specific delimiters or warnings to ignore embedded commands.
  • Capability inventory: Includes shell command execution (pnpm, git, uv) and browser automation via Playwright MCP, which could be misused if malicious instructions are embedded in plan files.
  • Sanitization: No validation or filtering is applied to the ingested plan content before the agent acts upon it.
  • [COMMAND_EXECUTION]: The skill executes local shell commands as part of the implementation and verification process.
  • Evidence: Runs pnpm test, pnpm run typecheck, and pnpm dev for code verification and local testing.
  • Evidence: Executes git commit to save progress into the repository.
  • Evidence: Runs a project-local Python validator script using uv run $CLAUDE_PROJECT_DIR/.claude/hooks/validators/validate_no_placeholders.py.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 04:47 AM
Security Audit — agent-trust-hub — implement