resolve-todo-parallel
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by processing untrusted data from local files.
  * Ingestion points: The workflow reads all unresolved TODO items from the /todos/*.md directory.
  * Boundary markers: No delimiters or instructions to ignore embedded commands are present in the planning or implementation phases.
  * Capability inventory: The skill spawns general-purpose agents with the authority to implement code changes, commit files, and push to remote repositories.
  * Sanitization: There is no evidence of validation, escaping, or filtering of the content within the TODO files before it is passed to sub-agents for execution.
- [COMMAND_EXECUTION]: The skill uses sub-agents to perform implementation tasks, which include file system modifications and git operations. While expected for a developer tool, this capability increases the potential impact of instructions ingested from untrusted TODO files.
Audit Metadata