evidence-check

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the "Agent" tool to delegate specialized research tasks to sub-agents and uses the "Write" tool to save research reports to the local file system (e.g., "plans/active/"). These actions are explicitly described in the workflow and serve the skill's primary purpose of technical documentation.
  • [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection due to its architecture of ingesting and processing untrusted data from external sources (web search results).
    * Ingestion points: Data enters the system via the "$ARGUMENTS" variable and through the results of the WebSearch tool used by sub-agents.
    * Boundary markers: Explicit delimiters or instructions to ignore embedded commands within search results are absent in the sub-agent prompts.
    * Capability inventory: The agent possesses file-writing capabilities ("Write") and the ability to spawn further sub-tasks ("Agent"), which could be targeted by malicious search results.
    * Sanitization: There is no specified sanitization or validation of the external content before it is aggregated into the final report or written to the disk.
    These findings represent a common risk surface for agents performing open-ended information retrieval.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 02:14 AM