skills/mgratzer/forge/forge-implement/Gen Agent Trust Hub

forge-implement

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted requirements from issue trackers, plan files, and user descriptions to generate code. This creates a surface for indirect prompt injection where malicious instructions embedded in an issue could attempt to manipulate the agent's behavior.
      • Ingestion points: External issue descriptions, requirement files, and free-text inputs are extracted in Step 1 to determine implementation scope.
      • Boundary markers: The skill requires user confirmation of the implementation plan via AskUserQuestion before proceeding. Note that this safeguard is skipped in unattended mode.
      • Capability inventory: The agent has the capability to modify any file in the project repository and execute shell commands including git and grep.
      • Sanitization: No explicit sanitization, escaping, or instruction-ignoring delimiters are applied to the external data before processing.
      • Mitigation: The skill utilizes a 'scout' sub-agent for factual research, which receives only targeted questions rather than the full issue context, providing a layer of isolation for untrusted data.
  • [COMMAND_EXECUTION]: The skill uses shell commands for routine repository management and auditing. These include git fetch, git checkout, git pull, and git push for branch management, and grep for pattern-based consistency audits across the codebase. These operations are restricted to the repository and are standard for development workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 02:53 PM