subagents-tasks-run

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes task instructions from external markdown files (tasks.md and taskN.md) which are then passed as context to a sub-agent via runSubagent. This creates a surface for indirect prompt injection where malicious instructions embedded in the task files could manipulate the behavior of the sub-agent.
    - Ingestion points: Reads tasks.md and taskN.md from the ${descriptive-name}/ folder.
    - Boundary markers: Absent; no explicit delimiters or instructions to ignore embedded commands are used when passing task content to sub-agents.
    - Capability inventory: The skill can invoke sub-agents (runSubagent) and perform file system operations (create_file, overwrite).
    - Sanitization: Absent; there is no evidence of sanitization or validation of the content read from the markdown files before it is processed or passed to other tools.
  • [COMMAND_EXECUTION]: The skill coordinates the execution of tasks which may involve running commands or scripts defined within the task files via sub-agents. While this is the intended functionality for a task-orchestration agent, it grants the skill the ability to trigger arbitrary actions based on the content of the task files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 11:19 AM