The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates the ingestion of data from an external source, creating a surface for indirect prompt injection.
Ingestion points: Untrusted content is read from issue descriptions, notes, and memories via commands like bd show, bd list, bd memories, and bd prime (as documented in references/cli-reference.md).
Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the data retrieved from the Beads database.
Capability inventory: The agent is empowered to execute a wide range of shell commands through the bd CLI, including state-modifying operations and network synchronization (bd dolt push, bd backup sync).
Sanitization: There are no instructions for sanitizing or validating the content retrieved from the database before it is incorporated into the agent's context.
[COMMAND_EXECUTION]: The skill's operation relies on executing the bd CLI to manage project metadata, worktrees, and the task lifecycle. It also involves generating and writing instruction snippets to configuration files such as AGENTS.md or CLAUDE.md.

beads