recipe-build

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as its core logic involves reading and executing instructions from task files within the project repository.
      • Ingestion points: The orchestrator identifies and reads multiple task files from the docs/plans/tasks/ directory to drive the implementation cycle.
      • Boundary markers: The skill instructions mandate appending a "Scope boundary for subagents" block to every sub-agent prompt, which attempts to restrict the sub-agents' execution context to the specific task provided.
      • Capability inventory: The skill is capable of invoking sub-agents via the Agent tool, executing git commit and git diff operations, and performing file deletions during the final cleanup phase.
      • Sanitization: No explicit sanitization or structural validation of the task file content is mentioned before it is processed by the agent or passed to sub-agents.
  • [COMMAND_EXECUTION]: The skill is designed to perform command-line operations to manage code changes and project state.
      • Evidence: It explicitly instructs the agent to execute git commit to finalize tasks and git diff --name-only to identify implemented files for verification purposes. These actions are inherent to its role as a developer workflow tool but involve autonomous system modification.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 10:39 PM