plans-kanban

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The server script uses child_process.spawn and execSync to manage background execution and to automatically open the dashboard in the system's default browser. Additionally, the HTTP server performs dynamic module loading from a sibling skill directory using computed paths.
  • [DATA_EXFILTRATION]: The HTTP server exposes an endpoint to serve local files from the current working directory and the specified plans directory. Although path-traversal protections are implemented, this functionality enables network access to files within the project workspace, which could lead to unintended data exposure if the server is bound to a public interface.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the gray-matter package from the official NPM registry to parse frontmatter metadata from markdown files.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it parses and displays content from local plan.md files. Malicious instructions embedded in these files could potentially influence the agent when it processes the dashboard or API output. Ingestion occurs in scripts/lib/plan-scanner.cjs. No specific boundary markers or instruction-filtering sanitization are used beyond standard HTML escaping for XSS prevention.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:25 AM