fix-verify-loop
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill's workflow depends on processing external 'Findings' data which could contain malicious instructions designed to influence the agent or its subagents.
  - Ingestion points: Findings are ingested via the protocol input described in SKILL.md.
  - Boundary markers: The protocol does not specify the use of delimiters or instructions to ignore embedded commands within the findings data.
  - Capability inventory: The skill possesses the capability to modify the local file system using git and to spawn additional LLM subagents (Sonnet and Opus).
  - Sanitization: The skill explicitly accepts findings labeled as 'confirmed' regardless of their source, indicating a lack of input validation or sanitization for potential prompt injection patterns.
Audit Metadata