beo-exploring

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows security best practices by explicitly instructing the agent to redact secrets (e.g., using placeholders like [REDACTED_API_KEY]) and sanitize user input summaries before persisting them in durable artifacts like CONTEXT.md.
  • [NO_CODE]: The skill consists entirely of instructional markdown and reference templates; it does not include executable scripts, shell commands, or external package dependencies.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from repository files and user requests to generate documentation.
      • Ingestion points: Reads existing CONTEXT.md, epic descriptions, and repository files during the 'codebase scout' phase (SKILL.md).
      • Boundary markers: No explicit input delimiters are defined, but the skill uses structured markdown templates for output and mandates manual confirmation.
      • Capability inventory: Performs file system write operations to CONTEXT.md and STATE.json.
      • Sanitization: Mandates manual confirmation of all decisions and explicit redaction of sensitive data (SKILL.md).
    The risk is assessed as safe due to the strict human-in-the-loop requirement and manual decision locking.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 04:34 PM