
goal

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill attempts to invoke a non-standard CLI tool named codex during the completion gate process in references/completion-gate.md. This represents an unverified external dependency that is not a standard system utility.
  • [DATA_EXFILTRATION]: Rules R4 and R5 instruct the agent to automatically log project context, decisions, and sub-skill outputs to external trackers like GitHub or Linear without user review. This creates a persistent risk of accidental exposure of sensitive information or internal credentials to third-party services.
  • [PROMPT_INJECTION]: The skill processes a user-defined objective which could contain malicious instructions. Ingestion points: the objective is interpolated into the main pursuit-mode prompt template in SKILL.md. Boundary markers: the objective is wrapped in untrusted tags (<untrusted_objective>). Capability inventory: the agent has extensive permissions including shell access, file write capabilities, and the ability to spawn sub-agents via the Task tool. Sanitization: no explicit sanitization or filtering of the objective is performed. The behavioral rules R2 and R5 significantly increase the impact of a successful injection by specifically suppressing user confirmation for many intermediate agent actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 2, 2026, 03:47 PM
Security Audit — agent-trust-hub — goal