pi-planning-with-files

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes several shell and PowerShell scripts (init-session.sh, attest-plan.sh, check-complete.sh) to automate project management. These scripts handle user-supplied project names safely by applying slugification (removing special characters) and using literal path parameters, which effectively mitigates command injection risks.
  • [DATA_EXPOSURE]: The session-catchup.py script reads session history logs from local directories (~/.claude/projects/ or ~/.codex/sessions/) to help the agent recover context after a reset. This data processing is entirely local, and the script contains no network-capable code for exfiltrating this information.
  • [REMOTE_CODE_EXECUTION]: All executable logic is contained within the skill's local directory. There are no patterns involving the download and execution of remote scripts (e.g., curl | bash) or use of eval on untrusted external input.
  • [SAFE]: The skill follows security best practices, such as using file hashing for plan integrity (attestation) and providing clear templates. No prompt injections or obfuscation techniques were found.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 11:02 AM