research-orchestrator

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses the Bash tool to manage its multi-phase pipeline. It executes internal Python scripts for initialization and validation, and invokes external CLI tools such as quarto for document rendering and graphify for knowledge graph construction.
  • [COMMAND_EXECUTION]: In scripts/gate1_validator.py, the skill uses subprocess.run to execute validate_artifact.py. While the paths are constructed from skill-controlled variables and the skill's own installation directory, this mechanism executes external processes from within Python.
  • [EXTERNAL_DOWNLOADS]: The skill requires several external software components and libraries to function, including the Quarto publishing system and the graphify CLI. It also requires the installation of Python packages jsonschema and networkx via pip.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted web-crawled content during the collection phase. This data is subsequently processed by the research-synthesizer subagent and used to build knowledge graphs.
    ◦ Ingestion points: Untrusted data enters the pipeline during Phase 2 (Collection) and is stored in the collect/evidence/ directory as markdown files.
    ◦ Boundary markers: The skill uses a 'quarantine pipeline' to isolate suspicious content and explicitly instructs agents to treat scraped content as data, not instructions.
    ◦ Capability inventory: The orchestrator has access to Bash, Write, Edit, Agent (for spawning subagents), quarto, and graphify.
    ◦ Sanitization: The pipeline implements artifact validation against JSON schemas (plan.schema.json, question_tree.schema.json) and requires human checkpoints (Gates) before proceeding between major phases.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 09:52 AM
Security Audit — agent-trust-hub — research-orchestrator