personalization-subagent-pattern

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow for processing untrusted lead data (such as company descriptions) which creates an indirect prompt injection surface.
  • Ingestion points: Lead data is injected into sub-agent prompts as a JSON array as documented in references/prompt-template.md.
  • Boundary markers: The prompt template utilizes Markdown headers (e.g., ## Leads) to separate the data from instruction blocks.
  • Capability inventory: The pattern uses the Task tool for parallel sub-agent execution and involves writing state and results to /tmp and the user's home directory (~/cold-email-ai-skills/).
  • Sanitization: The content is not explicitly sanitized, but the workflow requires a mandatory human review and approval process (detailed in SKILL.md) to verify agent outputs before the process is allowed to scale, effectively mitigating the risks of processing untrusted input.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 10:21 AM
Security Audit — agent-trust-hub — personalization-subagent-pattern