The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/intake_wizard.py uses os.system to clear the terminal screen (cls or clear) and set the Windows console code page to UTF-8 (chcp 65001). These are hardcoded, benign commands used solely for terminal UI initialization and maintenance.
[COMMAND_EXECUTION]: The launcher scripts (launch_paperspine_ui.ps1 and launch_paperspine_ui.sh) execute the configuration wizard in a new terminal window. The PowerShell script uses -ExecutionPolicy Bypass to allow the local script to run, and the shell script uses standard terminal emulators (such as gnome-terminal, xterm) or osascript on macOS. These are standard practices for launching interactive command-line tools from an agent environment that may not support direct interactive input.
[PROMPT_INJECTION]: The configuration wizard reads local project files (specifically .md and .txt files) to automatically suggest values for configuration fields like "motivation" and "official URLs". While this represents a surface for indirect prompt injection—where a malicious local file could influence the generated configuration—the logic is restricted to extracting short strings based on specific keyword markers. This behavior is a functional requirement for the tool's automation and carries low risk.

paper-spine-ui