blueprint-derive-plans

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses dynamic context injection (!command syntax) in its SKILL.md to collect diagnostic project metadata such as git status and project types. These operations are limited to local system commands like git rev-parse and find, which are executed at load time and do not involve remote network access or sensitive file paths.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the repository's git logs and codebase to generate documentation. This behavior is inherent to the skill's primary purpose of repository analysis.
      • Ingestion points: Steps 3, 4, and 5 involve reading git commit messages, issue tracker titles via gh CLI, and codebase files for TODOs and comments.
      • Boundary markers: None provided; the instructions do not include delimiters or specific prompts to ensure the agent ignores instructions embedded within the processed data.
      • Capability inventory: The skill has access to Bash (for git/jq), Write (to create markdown files), and Task (to call other blueprint skills).
      • Sanitization: There is no explicit sanitization or escaping of the extracted strings before they are interpolated into the document templates provided in REFERENCE.md.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 04:17 PM
Security Audit — agent-trust-hub — blueprint-derive-plans