agile-status

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to both direct and indirect prompt injection. Direct injection is possible via the $ARGUMENTS variable in SKILL.md, which is interpolated into the instructions without sanitization. An indirect injection surface exists through the processing of external data.
      • Ingestion points: $ARGUMENTS (SKILL.md), git logs, and existing plan/story files (SKILL.md).
      • Boundary markers: Absent. The skill does not wrap ingested data in delimiters or include instructions to ignore embedded commands.
      • Capability inventory: The skill can read/write files and execute shell commands (lint, typecheck, tests).
      • Sanitization: None provided for processed data.
  • [COMMAND_EXECUTION]: In 'Closure' mode, the skill is instructed to run lint, typecheck, and tests. This involves executing arbitrary shell commands defined in the project's environment. While this is a standard engineering task, it requires the user to trust the repository's configuration to prevent execution of malicious code during the verification phase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 07:54 PM