ln-510-quality-coordinator

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script references/agents/agent_runner.mjs provides a --verify-dead command-line argument that can terminate arbitrary processes on the host system using taskkill (Windows) or kill -9 (Unix). This functionality allows the agent to stop any running application if it identifies or is provided with the Process ID (PID).
  • [COMMAND_EXECUTION]: The references/agents/agent_registry.json file configures the claude advisor agent with the --dangerously-skip-permissions flag. This disables security confirmation prompts and human-in-the-loop oversight for the sub-agent's tool usage, effectively granting it autonomous control over the environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It reads project files and Story metadata in Phases 1 and 2, and interpolates this untrusted content into prompts for external advisors in references/agents/prompt_templates/review_base.md and references/agents/prompt_templates/iterative_refinement.md without sanitization or boundary markers.
      • Ingestion points: Project files and Story metadata loaded during Phase 1 Discovery in SKILL.md.
      • Boundary markers: No specific delimiters or "ignore" instructions are used around the interpolated artifact content in prompt templates.
      • Capability inventory: The system can spawn arbitrary processes from the registry and terminate existing processes via agent_runner.mjs.
      • Sanitization: No escaping or validation of the {artifact_content} or {project_context} variables was observed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 12:55 PM