skills/rsmdt/the-startup/implement/Gen Agent Trust Hub

implement

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION

Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external, potentially untrusted data and uses it to drive agent behavior and tool usage. It ingests instructions from plan/README.md and phase-N.md files (found in SKILL.md) without utilizing boundary markers or sanitization, while possessing capabilities such as task delegation, file writing, and git command execution.
  • [DATA_EXFILTRATION]: The skill utilizes user-provided arguments to resolve file system paths, which could be exploited for path traversal. In SKILL.md, the $ARGUMENTS variable is assigned to the target state and used to locate directories and files; a malicious user could provide relative paths to access files outside the intended scope.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 06:50 AM