st-execute-blueprint

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/create-feature-branch.cjs file uses child_process.execSync to perform git operations. The skill implements strong input validation and sanitization for these commands; Plan IDs are parsed as integers, and plan names are processed through a strict whitelist regex (/[^a-z0-9-]/g) that removes shell metacharacters before they are used in command strings, effectively preventing command injection.
  • [PROMPT_INJECTION]: The skill is designed to read and follow instructions from project-controlled files like PRE_PHASE.md, POST_PHASE.md, and POST_EXECUTION.md. This represents an indirect prompt injection surface where the agent's behavior is influenced by the content of files within the user's repository.
    • Ingestion points: Instructions are loaded from markdown files located in <root>/config/hooks/ and the plan's execution blueprint section.
    • Boundary markers: None identified; the skill treats content from these files as authoritative instructions for the agent.
    • Capability inventory: The skill has the ability to execute git commands, move files on the local system, and dispatch agents for task execution.
    • Sanitization: There is no validation or filtering applied to the natural language instructions contained within the hook files before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 02:12 PM
Security Audit — agent-trust-hub — st-execute-blueprint