maestro

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through project-level documentation.
    • Ingestion points: The agent is instructed in SKILL.md to read repository files such as CLAUDE.md, AGENTS.md, README.md, and package.json to identify project boundaries and workflows.
    • Capability inventory: The skill possesses extensive capabilities, including executing shell commands (git, pnpm, node ace) and modifying files throughout the project worktree.
    • Boundary markers: There are no explicit instructions to treat the content of these repository files as untrusted or to wrap them in protective delimiters.
    • Sanitization: The skill does not implement sanitization of the content found within these files before incorporating it into the execution plan.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of various development and version control commands.
    • Evidence: SKILL.md and associated runbooks utilize git for branch management, diffing, and committing; pnpm for typechecking, testing, and building; and node ace for framework-specific tasks like codegen and server management.
    • Context: These commands are central to the skill's primary function as an engineering orchestrator and are used in a standard development context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 04:13 PM