implementation-planning

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive file paths (e.g., .env, .ssh) are accessed. Network access is marked as optional for gathering technical context, and generated plans are stored locally in designated documentation folders without unauthorized external transmission.
  • [PROMPT_INJECTION]: The instructions contain defensive patterns that prevent the agent from being coerced into skipping planning gates or entering the workflow for inappropriate tasks. No malicious override or system prompt extraction patterns were detected.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests external data (repository code and documentation) to inform its planning process, the output is restricted to technical plans and handoff summaries. The skill explicitly states it should not be used for code execution, which significantly reduces the impact of potential indirect injections.
  • [COMMAND_EXECUTION]: The skill metadata enables shell access, but the instructions do not use it for arbitrary command execution. References to shell commands in the evaluation notes are limited to local script validation using the 'uv' package manager, which is a standard development practice.
  • [REMOTE_CODE_EXECUTION]: No patterns of downloading and executing remote scripts (e.g., curl|bash) were found. The skill relies on local instructions and templates to generate its outputs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 02:50 PM