do-parallel

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow vulnerable to indirect prompt injection (Category 8) by ingesting untrusted source material and processing it through sub-agents to modify repository files.
      * Ingestion points: The content of the user-provided 'source-path' is read and passed to 10 sub-agents using the Task tool in Phase 2.
      * Boundary markers: The prompts in 'references/perspective-prompts.md' lack delimiters or instructions for sub-agents to ignore potentially malicious directions embedded in the source material.
      * Capability inventory: The skill utilizes Read, Write, Edit, Bash, and Task tools. The workflow allows analysis results to directly influence Write/Edit operations on agent and skill files.
      * Sanitization: No content validation or sanitization is performed on the source material beyond basic length and quality checks.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands such as 'ls' and 'git commit' using user-supplied arguments. This creates a potential command injection surface if the agent does not strictly validate the 'target-name' variable before interpolation into shell templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:27 PM