agent-architect

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently uses shell commands to organize the workspace and validate generated output. Specific evidence includes file operations like mkdir, echo, and touch in Phase 4.1, and build/test commands like eslint, tsc, npm test, and npm run build in Phase 5.4.
  • [REMOTE_CODE_EXECUTION]: The installation process for the skill involves fetching content from an external GitHub repository. Evidence: the install_command in metadata.json uses curl to download the skill's primary instruction file.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of third-party software and libraries through package managers. Evidence includes references to npm install in Phase 6.3 and the use of external validation tools in Phase 5.4.
  • [PROMPT_INJECTION]: The architecture is susceptible to indirect prompt injection because it transforms untrusted user input into executable prompts for sub-agents.
      • Ingestion points: The user's project description acts as the primary data source.
      • Boundary markers: The agent prompt template in Step 3.1 lacks delimiters or instructions to ignore nested commands, increasing the risk that a user-provided project description could hijack sub-agent behavior.
      • Capability inventory: The meta-agent and sub-agents possess significant capabilities, including filesystem access, background task execution, and shell command invocation (documented in Phase 4 and 5).
      • Sanitization: The instructions do not define any sanitization or escaping mechanisms for the project requirements before they are interpolated into the sub-agent prompts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 02:42 PM