spec-plan
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands, Python one-liners for JSON parsing, and Node.js scripts to perform repository analysis and manage project plans. These actions are within the intended scope of a developer-focused planning tool.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) as it ingests untrusted data from the codebase being explored and from user-provided annotations.
  - Ingestion points: Existing implementation plans stored in 'docs/plans/' and annotation files in 'docs/plans/.annotations/'.
  - Boundary markers: While the skill uses structural delimiters when passing data to sub-agents, it lacks explicit safety instructions to ignore or sanitize commands embedded within the processed data.
  - Capability inventory: The skill can execute shell commands, perform file writes, and trigger subsequent implementation skills.
  - Sanitization: No logic was identified for sanitizing or validating external file content before it is loaded into the agent's context.
Audit Metadata