The Agent Skills Directory

[DYNAMIC_EXECUTION]: The skill executes local commands and scripts, including project-specific CLI tools (bv, br) and a repository-resident script (node .codex/khuym_status.mjs). It also dynamically spawns worker subagents using the spawn_agent primitive, providing them with generated prompts and context which is the primary function of the orchestration logic.
[INDIRECT_PROMPT_INJECTION]: The orchestrator reads messages from an internal Agent Mail system that are produced by worker agents. This creates a potential surface where compromised data or malicious subagent reports could influence the orchestrator's behavior. 1. Ingestion points: Agent Mail inbox and topic threads via fetch_inbox and fetch_topic calls. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the message processing logic. 3. Capability inventory: Spawning new agents, executing local shell commands, and updating project metadata files. 4. Sanitization: The skill does not describe explicit sanitization of received messages before updating state or taking action.
[METADATA_POISONING]: The skill templates and logic reference a non-existent gpt-5 model, which may be a placeholder but could result in incorrect model configuration or coordination errors.

swarming