skills/xiaolai/vmark/plan-audit/Gen Agent Trust Hub

plan-audit

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including git log, git show, and rg (ripgrep) to inspect repository history and local file contents. These operations are restricted to read-only inspection consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by ingesting data from project files that could contain malicious instructions.
      * Ingestion points: The skill reads contents from docs/codex-plans/*.md and project source files.
      * Boundary markers: There are no instructions to wrap these contents in delimiters or to disregard instructions found within these files.
      * Capability inventory: The skill utilizes git and rg for inspection; no network exfiltration or destructive write operations are authorized.
      * Sanitization: The instructions do not describe any sanitization or validation of the input data before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:01 AM