The Agent Skills Directory

[PROMPT_INJECTION]: The skill acts as a proxy for instructions and context, presenting an indirect prompt injection surface.
Ingestion points: Forwards external context (links, notes) and user requests to child threads as defined in the Child Prompt Shape section.
Boundary markers: Does not use explicit delimiters or 'ignore' instructions when interpolating untrusted data into the prompt for the child thread.
Capability inventory: Uses the codex_app.send_message_to_thread and codex_app.create_thread tools to dispatch work and instructions.
Sanitization: There is no evidence of sanitization or validation of the forwarded data prior to its inclusion in child prompts.

orchestrator