when-building-backend-api-orchestrate-api-development

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands to manage development environments, infrastructure, and CI/CD pipelines. This includes high-privilege operations such as modifying Kubernetes clusters and running build scripts.
    • Evidence: Found in SKILL.md using kubectl apply, kubectl patch, and npm test across multiple phases.
  • [EXTERNAL_DOWNLOADS]: The workflow uses package managers to fetch tools and dependencies from the npm registry.
    • Evidence: Multiple steps in SKILL.md use npx to run the claude-flow tool and npm to install project dependencies.
  • [REMOTE_CODE_EXECUTION]: The skill relies on executing code downloaded at runtime from the npm registry, specifically the claude-flow orchestration tool.
    • Evidence: The workflow repeatedly executes npx claude-flow for agent spawning, swarm initialization, and memory management.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface: data produced in planning phases (requirements) is passed to downstream agents that have access to powerful tools.
    • Ingestion points: Phase 1 captures REQUIREMENTS_JSON from the product-manager agent, which is later retrieved and used by the system-architect and backend-developer agents.
    • Boundary markers: There are no explicit boundary markers or instructions to treat the requirements data as untrusted when it is interpolated into agent prompts.
    • Capability inventory: The agents in the workflow can execute shell commands (kubectl, npm), write files, and interact with network services.
    • Sanitization: No sanitization or schema validation of the REQUIREMENTS_JSON data is mentioned before it is consumed by the technical agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 07:18 AM
Security Audit — agent-trust-hub — when-building-backend-api-orchestrate-api-development