coordinating-agents
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The coordinator agent processes outputs from sub-agents (workers), creating a surface for indirect prompt injection.
  1. Ingestion points: Phase 2 (Synthesis) and Phase 4 (Verification) in SKILL.md read results produced by sub-agents.
  2. Boundary markers: The coordinator uses structured sections as defined in worker-prompt-template.md, but worker reports are essentially untrusted data processed in natural language.
  3. Capability inventory: The coordinator executes shell scripts (setup-worktree.sh) and manages the execution environment of sub-agents.
  4. Sanitization: The instructions focus on manual synthesis and do not provide for automated sanitization of sub-agent outputs.
- [COMMAND_EXECUTION]: The scripts/setup-worktree.sh script executes git commands using variables derived from user-supplied arguments.
  1. Evidence: git worktree add -b "$NAME" "$WORKTREE_DIR" "$REF" in scripts/setup-worktree.sh.
  2. Risk: While variables are properly quoted to prevent simple shell injection, malicious input for worker names or branch references could attempt command argument injection if the parent agent does not perform strict validation.
Audit Metadata