subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates a workflow that ingests external data, creating an indirect prompt injection surface.
    • Ingestion points: Implementation tasks are read from an external [plan-file] and interpolated into sub-agent prompts in SKILL.md.
    • Boundary markers: The prompt templates for dispatching sub-agents lack explicit delimiters or instructions to ignore malicious directives embedded within the plan tasks.
    • Capability inventory: Sub-agents are granted capabilities for file-system manipulation (writing code and tests) and version control (executing commits) based on the instructions in the plan.
    • Sanitization: The workflow does not specify any validation or sanitization of the plan file's content before processing.
    • Countermeasures: The skill provides robust defense-in-depth by mandating an independent code-reviewer sub-agent evaluation after every task, serving as a quality and security gate.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 04:01 AM