scaffold-exercises

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs filesystem operations including mkdir -p, git mv, and git commit. It also executes pnpm ai-hero-cli internal lint to validate that the newly created directories follow required naming and structure conventions. These commands are restricted to the local workspace and align with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill ingests untrusted user data in the form of an exercise 'plan' (the ingestion point), which it uses to define directory names and file titles (the capability inventory). No boundary markers or sanitization procedures are defined to separate instructions from data. This creates a surface for indirect prompt injection, where specially crafted plan names could attempt to influence the agent's behavior during the scaffolding process.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 20, 2026, 03:45 PM
Security Audit — agent-trust-hub — scaffold-exercises