work
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform various system-level operations including file management, git operations (branching, checkouts, commits), and running project-specific scripts like tests and linters.
- [EXTERNAL_DOWNLOADS]: The workflow incorporates git pull operations, which fetch and merge code from remote repositories into the local environment and so represent a vector for introducing external code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it relies on the contents of external markdown and JSON plan files to direct its implementation steps and decision-making.
  - Ingestion points: Phase 1.1 reads data from user-specified prd.json and spec.md files.
  - Boundary markers: There are no explicit delimiters or safety instructions used to isolate the data in these files from the agent's execution logic.
  - Capability inventory: The skill has access to powerful tools including Bash, Write, TaskCreate, and Skill (for dynamic loading of agent extensions).
  - Sanitization: The skill does not perform validation or sanitization of the plan content before using it to construct prompts or tool arguments.
Audit Metadata