team-brainstorm

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection where a malicious user could hijack the spawned subagents by including instructions in their 'idea' or 'concept'.
    ◦ Ingestion points: The 'Core Concept' and 'Project Context' gathered from the user in Phase 1 and 2 are used as variables in Phase 3.
    ◦ Boundary markers: None. The skill interpolates the variables directly into the prompts (e.g., CONCEPT: {refined concept}) without using XML tags, triple-quotes, or explicit instructions to the subagents to ignore potential commands within the data.
    ◦ Capability inventory: Subagents such as the 'Researcher' and 'Architect' have capabilities to search the web and read codebase files, which could be abused if the subagent is successfully injected.
    ◦ Sanitization: There is no evidence of input validation or sanitization to remove instructions or escape special characters before the prompts are generated.
  • [COMMAND_EXECUTION]: The skill uses a user-controlled variable {topic-slug} to determine the file path for saving the brainstorm report (docs/brainstorms/YYYY-MM-DD-{topic-slug}-team.md). This represents a potential path traversal risk if the underlying platform does not properly sanitize the slug, potentially allowing the agent to write files outside the intended directory.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 12:16 PM