roadmap-with-file

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it ingests untrusted data from user arguments and external web search results, which are then interpolated into prompts for subagents.
      • Ingestion points: User-provided requirement in $ARGUMENTS and research results from web.run.
      • Boundary markers: Present; the skill uses clear Markdown headers (e.g., ## TASK ASSIGNMENT, ## TASK CONTEXT) to delimit instructions from data.
      • Capability inventory: The skill can spawn subagents (spawn_agent), perform web searches (web.run), create issues (ccw issue create), and execute basic file system commands (mkdir, test).
      • Sanitization: The skill implements sanitization for file system paths by using a regex to create a slug from user input, though the raw requirement text is interpolated directly into agent messages.
  • [COMMAND_EXECUTION]: The skill uses functions.exec_command for environment setup and codebase detection. The inputs to these commands (such as the session folder path) are sanitized via regex to prevent shell injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 10:58 AM