echo
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a 'Multi-Engine Mode' within its process workflow that involves executing shell commands to invoke other AI tools or engines, specifically 'codex exec --full-auto' and 'gemini -p --yolo'. While these are presented as orchestration logic for complex evaluations, they represent a capability to run CLI-based tools.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection due to its core functionality of ingesting and analyzing untrusted project data.
  * Ingestion points: The persona generation workflow (references/persona-generation.md) explicitly targets files such as 'README.md', source code ('src//auth*', 'src//user*'), test files, and sensitive metadata like 'CODEOWNERS' and '.github/workflows/*'.
  * Boundary markers: The instructions do not specify the use of delimiters or 'ignore instructions' markers when processing the content of these scanned files, making the agent susceptible to instructions embedded within the analyzed project.
  * Capability inventory: The agent has the ability to execute shell commands and trigger handoffs to other agents (Palette, Scout, Spark, etc.), which could be leveraged by a malicious instruction found in a project file.
  * Sanitization: No validation or sanitization mechanisms are described for the data extracted from the project files before it is used to parameterize the agent's simulation behavior.
Audit Metadata