spec-bugfix-verify
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically executes shell commands and verification scripts derived from the content of an input plan file in Steps 3.2, 3.4, and 3.5. This creates a path for arbitrary command execution if the plan file is sourced from an untrusted origin.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it processes data from the plan.md file and acts on embedded instructions with high autonomy.
  - Ingestion points: The plan.md file is read to extract Verify: commands and regression tests.
  - Boundary markers: None identified to separate the agent's instructions from the external plan data.
  - Capability inventory: Execution of shell commands via uv, playwright-cli, agent-browser, and the pilot CLI tools.
  - Sanitization: There is no mention of validation or sanitization for the commands extracted from the plan file before execution.
- [COMMAND_EXECUTION]: The skill performs interactions with local services, including using curl to send DELETE requests to localhost:41777 for managing annotations and utilizing the pilot CLI for repository and worktree management.
- [EXTERNAL_DOWNLOADS]: The skill utilizes uv for Python package and environment management and incorporates browser automation tools like playwright-cli and agent-browser for runtime verification.
Audit Metadata