openpress-apply-comments

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands and Node.js scripts to discover markers and verify build integrity. These operations are limited to the local environment and the project's own tools.
      • Evidence: Execution of rg and node --input-type=module -e in SKILL.md for discovery.
      • Evidence: Execution of npm run build and node engine/cli.mjs in SKILL.md for verification.
  • [PROMPT_INJECTION]: The skill processes untrusted data from source file comments which may contain instructions, creating an indirect prompt injection surface. This is a characteristic of its primary workflow and intended purpose.
      • Ingestion points: The skill reads markers starting with @openpress-comment from files in the document directory.
      • Boundary markers: Absent; the skill is instructed to treat marker text as valid instructions for edits.
      • Capability inventory: The skill has the ability to rewrite source files and execute project-defined build commands.
      • Sanitization: No sanitization or safety-filtering is applied to the content of the markers before the agent processes them.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 17, 2026, 06:38 PM