subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill design emphasizes security through isolation and verification. It uses a fresh subagent context for each task to prevent context pollution and enforces a two-stage review process before any task is considered complete. No malicious patterns such as data exfiltration, credential theft, or unauthorized access were identified.
  • [COMMAND_EXECUTION]: The workflow describes standard development operations performed by subagents, including implementing code, running tests, and committing changes to Git. These operations are conducted within the scope of an implementation plan and are subject to subsequent review cycles.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes task descriptions from potentially external plan files.
      • Ingestion points: Task descriptions are extracted from plan files (e.g., docs/plans/feature-plan.md) and interpolated into subagent prompts.
      • Boundary markers: The provided prompt templates (implementer-prompt.md, spec-reviewer-prompt.md) use clear Markdown headers and instructional labels to delineate the specification text from the agent's core instructions.
      • Capability inventory: The implementation subagent is granted the ability to modify the local filesystem, execute test suites, and perform Git operations.
      • Sanitization: The skill mitigates risk through manual and automated verification gates. Specifically, spec-reviewer-prompt.md explicitly instructs the reviewer subagent to 'verify everything independently' by reading the actual code rather than trusting the implementer's report, providing a critical check against malicious or erroneous task execution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 02:47 AM