cook

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's description in SKILL.md contains an instruction ('ALWAYS activate this skill before implementing EVERY feature, plan, or fix') that attempts to override standard agent behavior by forcing the use of this specific workflow for all development tasks.
  • [PROMPT_INJECTION]: The 'Smart Intent Detection' logic in references/intent-detection.md relies on simple keywords such as 'trust me', 'auto', and 'yolo' to activate the autonomous mode. This creates a surface for indirect prompt injection where external or untrusted data containing these keywords could trick the agent into performing complex tasks without human oversight.
  • [COMMAND_EXECUTION]: The '--auto' mode (detailed in SKILL.md and references/workflow-steps.md) explicitly skips all human review gates ('blocking gates'). This allows the agent to autonomously generate code, execute tests, and modify files with no manual intervention.
  • [COMMAND_EXECUTION]: The finalization step in references/workflow-steps.md automatically invokes a git-manager subagent to stage and commit changes. When combined with the --auto mode, this results in the agent autonomously modifying the repository's version history without user approval of the code changes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 03:17 AM