team-create-plan

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a standard multi-agent planning workflow. It uses platform-specific tools for team management (TeamCreate, TeamDelete) and task orchestration (TaskCreate, Task), which are within the expected operational scope.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from the codebase and user-provided paths.
      • Ingestion points: Data enters the agent context via the $0 argument (brainstorm path) and through codebase exploration tools (Glob, Grep, Read) used by the subagents.
      • Boundary markers: The prompts for the Architect, Risk Analyst, and Researcher subagents do not explicitly define boundary markers or delimiters for the injected context.
      • Capability inventory: The skill possesses capabilities to create subagents, write plan files to the local filesystem (docs/plans/), and bootstrap implementation tasks via TaskCreate.
      • Sanitization: There is no evidence of explicit sanitization or filtering of the ingested data before it is processed by the subagents. However, the workflow includes a human-in-the-loop checkpoint in Phase 5 where the Lead agent must get user approval before writing the final plan or creating tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:16 PM