batch-task-executor

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to coordinate and execute tasks through local CLI tools, scripts, and subagents. This gives the agent the capability to perform various operations on the host system, the scope of which depends on the tasks provided in the external source.
  • [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection due to the way it processes and delegates tasks from untrusted external sources.
      ◦ Ingestion points: As described in references/intake.md, tasks can be ingested from a variety of sources including CSV/TSV/JSON files, issue trackers (Jira, GitHub, Linear), and arbitrary markdown checklists or pasted text.
      ◦ Boundary markers: The worker instruction template in templates/batch-plan.md interpolates the {task} variable directly into the instruction block. It lacks robust delimiters (such as XML tags or unique markers) and explicit instructions for the model to disregard any command-like text contained within the task data.
      ◦ Capability inventory: The references/execution.md file allows for execution modes including isolated_write and side_effect_allowed, which grant workers the ability to modify the filesystem or interact with external APIs based on the instructions they receive.
      ◦ Sanitization: The provided instructions do not implement any automated sanitization, filtering, or validation of the task content before it is used to prompt worker agents, relying instead on manual coordinator verification after the fact.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 01:10 AM