skills/espennilsen/pi/project-manager/Gen Agent Trust Hub

project-manager

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes multiple shell commands including git, grep, find, sqlite3, mkdir, and mv to manage projects. These operations occur within sensitive local paths containing source code and personal information.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates the contents of local files into the agent's context without sanitization.
      • Ingestion points: Content is read from projects in $DEV and notes in $VAULT via cat, grep, and find (SKILL.md).
      • Boundary markers: There are no markers or safety instructions to prevent the agent from obeying instructions embedded within the processed files.
      • Capability inventory: The skill allows directory movement, shell command execution, and database querying (SKILL.md).
      • Sanitization: No validation or filtering is performed on file contents before they are added to the context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:32 PM