blueprint

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from the user-provided requirements document.
    • Ingestion points: The skill reads <spec_dir>/requirements.md in Phase 0.2 using the Read tool.
    • Boundary markers: There are no explicit boundary markers or "ignore previous instructions" warnings defined when the requirement content is interpolated into the prompts for sub-agents (contract-deriver, taskgraph-planner, and verify-planner).
    • Capability inventory: The skill can execute shell commands via hoyeon-cli, write files to the filesystem (e.g., /tmp, plan.json, contracts.md), and dispatch specialized sub-agents.
    • Sanitization: The skill lacks explicit sanitization or escaping mechanisms for the requirement text before it is used in downstream prompt construction.
  • [COMMAND_EXECUTION]: The skill relies on executing a local CLI tool for state management and validation.
    • Evidence: Throughout the SKILL.md, bash commands are used to invoke hoyeon-cli for operations like plan init, plan merge, plan get, and plan validate.
    • Context: These operations use temporary JSON files in /tmp to safely pass data to the CLI, which is a standard pattern for the vendor's toolset.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 01:29 PM
Security Audit — agent-trust-hub — blueprint