The Agent Skills Directory

[SAFE]: The skill instructions and configuration contain no malicious patterns, unauthorized shell commands, or network exfiltration logic.
[PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests and processes data from untrusted files within the repository. * Ingestion points: AGENTS.md, README.md, docs/INDEX.md, TODO*.md, and codebase surfaces. * Boundary markers: Not specified in the instructions. * Capability inventory: The skill performs extensive file reading and is capable of writing/updating TODO files. * Sanitization: No formal sanitization is implemented, but the workflow includes a mandatory 'Approve and apply' step that requires human oversight.

cdd-refactor