The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses variable interpolation to construct shell commands for Git operations and workspace management. Evidence: git push origin polecat/{beadId} (Stage 3) and git worktree remove polecat/{beadId} --force (Stage 6) in SKILL.md. This pattern is susceptible to command injection if variables such as beadId are not strictly validated and sanitized.\n- [COMMAND_EXECUTION]: The skill exposes an indirect prompt injection surface by processing state data and maintaining high-privilege capabilities. 1. Ingestion points: State files located in .chipset/state/ (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution (git) and filesystem modification/deletion (SKILL.md). 4. Sanitization: Not explicitly implemented in the provided code snippets.\n- [SAFE]: The destructive cleanup of the workspace (Stage 6) is a documented core functionality of the skill's "Done Means Gone" principle. It is intended to prevent state leakage between tasks and is not considered a malicious persistence or data loss issue in this context.

done-retirement