The Agent Skills Directory

[COMMAND_EXECUTION]: The skill frequently executes shell commands using the Bash tool to invoke ccw cli. This tool is used for project analysis, implementation of code changes, and planning. These operations are core to the skill's functionality but involve broad command-line capabilities.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted inputs, such as user-provided task descriptions and content from the project codebase, and interpolates them directly into prompt templates for subagents (Agent tool) and CLI-based LLM tools (ccw cli).
Ingestion points: User-supplied task descriptions ($ARGUMENTS) and project source code files (processed via ccw cli or Read tools).
Boundary markers: The skill uses markdown headers and structured prompt labels (e.g., PURPOSE:, TASK:, ## Role Assignment) as delimiters, which provide some structure but do not fully sanitize against adversarial content.
Capability inventory: The skill possesses extensive capabilities, including command execution (Bash), file system modification (Write, Edit), and the ability to spawn additional subagents (Agent).
Sanitization: There is no evidence of explicit escaping, validation, or filtering of untrusted strings before they are incorporated into instructions for the LLM components.

team-roadmap-dev