omg-autopilot
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user input to drive an autonomous pipeline. Ingestion points: User-provided '' argument (SKILL.md). Boundary markers: The skill lacks specific delimiters or 'ignore embedded instructions' warnings for the user input. Capability inventory: Orchestrates multiple sub-agents capable of technical design, parallel implementation, and system-level operations like building and testing (Phase 2 and Phase 3 in SKILL.md). Sanitization: No input validation or filtering is defined before the user content is processed, although the pipeline includes a multi-perspective security review in Phase 4.
- [COMMAND_EXECUTION]: The pipeline explicitly requires the agent to perform system-level tasks including build, lint, and test cycles during the QA phase (Phase 3 in SKILL.md). This capability represents an attack surface if the implementation plan generated in Phase 1 is compromised by malicious instructions during the initial requirements analysis.
Audit Metadata