The Agent Skills Directory

[PROMPT_INJECTION]: The skill aggregates recommendations and rationales from multiple agents to reach a consensus, creating a surface for Indirect Prompt Injection. If one participating agent is compromised or processes untrusted external data, it could inject malicious instructions into the consensus summary or deliberation process.
Ingestion points: Votes and rationales are gathered from multiple agents as described in the 'Collect Votes' section of SKILL.md.
Boundary markers: While the process uses markdown headers to separate inputs, it lacks explicit 'ignore embedded instructions' delimiters or system-level instructions to treat the aggregated content as untrusted data.
Capability inventory: The skill is configured with powerful tools including Bash, Write, and Edit, which increases the potential impact if an injected instruction were to be executed by the agent during the voting or documentation phase.
Sanitization: The skill instructions do not mandate validation or sanitization of the content provided by the agents before it is processed, recalculated, or recorded in the final Decision Record.

consensus-voting