The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill incorporates state from local files (task_plan.md, findings.md, progress.md) into the agent's prompt during tool use and session startup. These files, particularly findings.md, are designed to store potentially untrusted research data from the web. The skill mitigates risks by wrapping injected content in ---BEGIN PLAN DATA--- delimiters and providing explicit instructions to the agent to treat the content as data only and ignore any embedded instructions. Ingestion points include the UserPromptSubmit and PreToolUse hooks in SKILL.md. Capabilities include full file and shell access via allowed-tools. Sanitization is achieved through clear instruction-based framing for the LLM.
[COMMAND_EXECUTION]: Local scripts (Shell, PowerShell, and Python) are used for initialization and session recovery. The session-catchup.py script reads the user's local Claude/Codex session history to reconstruct context after a reset. The Stop hook executes check-complete.sh/ps1 to report on phase completion. These operations are limited to the local environment and the skill's own installation path, and they serve the primary purpose of task organization and recovery.
[EXTERNAL_DOWNLOADS]: No remote scripts or unauthorized packages are downloaded at runtime. References to external documentation target well-known and legitimate domains related to the skill's design inspiration and standard programming resources. The session-catchup.py script uses the orjson library if available but does not attempt to install it if missing.

planning-with-files