flow-next-interview

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute a bundled utility, flowctl, found within the plugin's own directory. It correctly resolves the executable's path using platform environment variables like DROID_PLUGIN_ROOT or CLAUDE_PLUGIN_ROOT, which ensures the tool is executed from a trusted, local source.
  • [COMMAND_EXECUTION]: Argument parsing logic in the skill uses shell utilities such as jq, sed, and tr with safe practices. Specifically, it employs printf "%s" to handle raw user input from $ARGUMENTS, preventing common shell-based injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill uses predefined regex patterns (e.g., fn-\d+) to identify and validate Flow IDs provided by the user. This validation layer ensures that only identifiers matching the expected format are processed by the underlying tools.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from $ARGUMENTS, file paths, and output from flowctl commands (which read project files). While no explicit boundary markers are used for this data, its capabilities are restricted to project-scoped file operations via flowctl and basic shell utilities. Sanitization is primarily performed via regex validation for identifiers.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 01:09 AM