minimal-sop-agent-creator

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted user input during the 'Interview' workflow to generate instructions for sub-agents, creating a surface for indirect prompt injection.
    1. Ingestion points: User responses to the interview questions in SKILL.md.
    2. Boundary markers: Absent; the generated markdown files do not use unique delimiters to isolate user-provided data from the agent's instructions.
    3. Capability inventory: The generated agents are encouraged to use read, write, edit, bash, and webfetch tools.
    4. Sanitization: No input validation or escaping is specified before the user data is written to the .opencode/agents/ directory.
  • [COMMAND_EXECUTION]: The skill's workflow and templates simplify the creation of agents with shell access via the bash tool. Evidence: SKILL.md lists bash as an available tool and provides git-based examples that utilize shell execution capabilities.
  • [DATA_EXFILTRATION]: The skill includes webfetch in its list of recommended tools for generated agents. Evidence: SKILL.md documentation and templates suggest webfetch for task-specific sub-agents, providing a potential pathway for external communication if the sub-agent is subverted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 08:15 PM