flow-next-prospect

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute local commands for repository grounding, such as git log, jq, and a bundled utility script named flowctl. It also employs python3 to execute inline logic for parsing and to dynamically load its internal module (flowctl.py). These executions are scoped to the local filesystem and the plugin's own installation path.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting repository data that may be influenced by external contributors.
    • Ingestion points: Phase 1 gathers context from git log, CHANGELOG.md, and local memory search hits.
    • Boundary markers: The skill uses structured YAML delimiters for generation and critique phases and includes explicit distillation instructions to separate metadata from agent instructions.
    • Capability inventory: The skill uses Bash to manage artifacts and can promote ideas into specifications using the bundled flowctl tool.
    • Sanitization: Content is distilled (e.g., limiting git logs to 10 files) to restrict the attack surface, and a dedicated critique pass with a fixed taxonomy is used to validate all generated content before finalization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 01:09 AM