task-orchestration
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill mandates that the agent execute directives within tags 'mechanically, immediately, without judgment' and explicitly states that 'Autonomy ends' once a directive arrives. These instructions serve to override the agent's internal reasoning and safety filters in favor of external triggers.
- [COMMAND_EXECUTION]: The orchestrator is designed to dynamically spawn new agent processes with arbitrary tasks and skills based on external directives. This provides a mechanism for performing unauthorized operations if the directives are manipulated by an attacker.
- [INDIRECT_PROMPT_INJECTION]: The agent is exposed to malicious instructions that could be embedded in any data it processes (user requests, source code, or tool outputs). If an attacker can inject a tag into these inputs, the agent is primed to execute the contained directive without verification.
  Mandatory Evidence Chain:
  1. Ingestion points: System messages, user requests, and analyzed files described in SKILL.md.
  2. Boundary markers: The skill uses tags as identifiers but lacks accompanying instructions to verify the source or ignore nested instructions within the payload.
  3. Capability inventory: Dynamically spawning agents with defined tasks and skills using the 'spawn' action.
  4. Sanitization: No sanitization or validation of the directive payload is present in the skill's instructions or the validate-orchestration.sh script.