agentica-infrastructure

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE (NO_CODE)
Full Analysis
  • [SAFE]: The skill acts as an informational reference and contains no executable code or scripts, reducing the direct attack surface to zero.
  • [COMMAND_EXECUTION]: The API specification (API_SPEC.md) mentions the availability of a bash tool within the infrastructure's scope for agents. This is documented as a core capability for agents designed to perform technical tasks and does not represent a malicious command within the skill.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. Ingestion points: query, task, and question parameters in pattern classes like Swarm and Hierarchical (API_SPEC.md). Boundary markers: Uses build_premise to define role constraints and anti-patterns. Capability inventory: Mentions bash, read_file, write_file, and search_codebase tools in claude_scope.py. Sanitization: No explicit sanitization or escaping of external content is described in the reference.
  • [SAFE]: Use of local directories such as .claude/cache/ and /tmp/ is specified for coordination databases and message caching, which is standard for maintaining state in multi-agent systems.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:04 AM
Security Audit — agent-trust-hub — agentica-infrastructure