maestro-spec-generate
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from user-supplied topics and external requirement files (@file). This data is interpolated into instructions for sub-agents executed via the 'spawn_agents_on_csv' tool. This creates a surface for indirect prompt injection where malicious instructions embedded in input data could influence sub-agent behavior.
  - Ingestion points: User input ($ARGUMENTS), external file references (@file), and brainstorm session files (guidance-specification.md).
  - Boundary markers: None identified in the prompt construction logic for sub-agents.
  - Capability inventory: The skill and its sub-agents have access to Bash, Write, and Edit tools.
  - Sanitization: Basic regex sanitization is applied to generated slugs for file paths, but no sanitization is evident for the content passed into agent instructions.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for directory management and log maintenance. While directory names are sanitized via regex, the skill implements a 'Shared Discovery Board Protocol' that instructs agents to append findings to a file using shell redirection. If a sub-agent is compromised via indirect injection, this pattern could be exploited for command injection if findings are not properly escaped before being processed in a shell context.
Audit Metadata