code-no-test

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes complex shell pipelines to locate and sort project plans, specifically using find, stat, sort, head, and cut within the Step 0 logic.
  • [COMMAND_EXECUTION]: Executes a local Python script located at .claude/scripts/code_graph to perform code analysis. This creates a dependency on unverified local scripts existing within the workspace.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted data from implementation plans and user-provided arguments to drive agent behavior.
      • Ingestion points: Reads data from $ARGUMENTS and local files such as ./plans/plan.md and specific phase files (e.g., phase-01-preparation.md).
      • Boundary markers: Uses <plan> tags to encapsulate input arguments, but lacks explicit "ignore instructions" delimiters for external file content.
      • Capability inventory: The agent has the ability to read/write files, execute shell commands, run local Python scripts, and perform git commits.
      • Sanitization: There is no evidence of sanitization or structural validation for the content parsed from the plan files before it is used to initialize TaskCreate tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 09:18 AM