autogrind

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses forceful directives in SKILL.md such as "The Iron Law: GRIND UNTIL EXPLICIT STOP SIGNAL" and "NEVER stop on your own" to override the agent's default decision-making regarding task completion.
  • [PROMPT_INJECTION]: In SKILL.md, the instruction "Operations that would normally require human confirmation are off-limits during autonomous operation" explicitly attempts to suppress platform safety prompts and user oversight (Human-in-the-loop controls).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the ingestion of project files like CLAUDE.md, .cursorrules, and README.md.
  • Ingestion points: Reads CLAUDE.md, AGENTS.md, GEMINI.md, .cursorrules, opencode.md, and README.md during the INIT phase.
  • Boundary markers: Absent; the skill does not use delimiters to isolate external content from instructions.
  • Capability inventory: Broad command execution, file system access, and git operations during the "Work" phase.
  • Sanitization: Absent; no validation or filtering is performed on the content of ingested files before they influence the agent's planning and execution.
  • [COMMAND_EXECUTION]: The skill involves the execution of system commands in SKILL.md (e.g., git log, git status, sleep 60) and arbitrary shell operations during the "Work" phase to complete user-defined tasks.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 29, 2026, 07:23 AM
Security Audit — agent-trust-hub — autogrind