brainstorming

Warn

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Potential shell command injection in SKILL.md. The validation step uses test -f "$DESIGN_PATH", where the path is constructed from a user-influenced feature name. If the agent fails to sanitize the feature name before interpolating it into the path, an attacker could provide a name containing command substitution patterns (such as $(command) or backticks) that the shell would execute during the existence check. This applies when the agent splices the raw feature name into the command text it hands to the shell; a value already held in DESIGN_PATH and expanded inside double quotes is not re-parsed for command substitution, so the mitigation is to keep the name out of the command text and validate it against an allowlist (e.g. letters, digits, hyphens) before use.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified in SKILL.md. The skill implements an automated transition from brainstorming to planning (exarchos:plan) without a human-in-the-loop checkpoint.
      ◦ Ingestion points: User input provided during the Phase 1 clarification questions (SKILL.md).
      ◦ Boundary markers: None present to delimit user-provided content in the generated design document.
      ◦ Capability inventory: State management via exarchos_workflow, completeness verification via exarchos_orchestrate, skill chaining, and shell file checks (SKILL.md).
      ◦ Sanitization: No explicit sanitization or validation of the generated design document content is described before it is passed to the next skill in the chain.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 6, 2026, 04:03 AM
Security Audit — agent-trust-hub — brainstorming