agent-team-orchestration

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The orchestration workflow defines a pipeline where agents ingest and process data (specifications, code artifacts, and review feedback) generated by other agents in shared directories. This architecture creates an indirect prompt injection surface where malicious or safety-bypassing instructions embedded in a 'spec' or 'artifact' could influence the behavior of subsequent agents in the workflow.
  • Ingestion points: Agents are instructed in references/communication.md and references/patterns.md to read and verify files from /shared/specs/ and /shared/artifacts/.
  • Boundary markers: The provided 'Spawn Prompt Template' in references/communication.md uses headers but lacks explicit boundary markers or specific instructions for the agent to ignore potentially malicious embedded content within the shared artifacts.
  • Capability inventory: references/team-setup.md describes agents possessing significant capabilities, including browser access, tool usage, and API access, which increases the impact of a successful injection.
  • Sanitization: The skill does not include instructions for sanitizing or validating the content of handoff messages or artifacts before they are processed by the next agent.
  • [NO_CODE]: The skill consists entirely of Markdown-based procedural guides and templates. There are no executable scripts, binaries, or automated configuration files that perform actions on the host system.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 09:05 PM
Security Audit — agent-trust-hub — agent-team-orchestration