skills/sd0xdev/sd0x-dev-flow/remind/Gen Agent Trust Hub

remind

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains explicit instructions designed to override the agent's standard operational protocols by mandating the execution of tools without user permission. Specifically, the 'Execution Contract' and 'CRITICAL: Execute, Don't Report' sections instruct the agent to ignore confirmation prompts (e.g., "Do not ask for permission", "Auto-loop rules mandate execution without permission").
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (bash, git, jq) to inspect the local filesystem and project state. This data is then used to programmatically determine which subsequent actions or skills to invoke.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to instructions embedded in project files which could influence agent behavior.
    ◦ Ingestion points: .claude_review_state.json, CLAUDE.md, and various files within the rules/ directory.
    ◦ Boundary markers: Not present; the skill treats content from these files as authoritative instructions for immediate execution.
    ◦ Capability inventory: Includes the ability to execute arbitrary shell commands via Bash and trigger other platform skills via the Skill tool.
    ◦ Sanitization: No validation or sanitization of the content loaded from these external files is performed before it is used to drive the agent's logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 27, 2026, 01:12 AM
Security Audit — agent-trust-hub — remind