NYC

biz-ops-setup

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and summarize untrusted data from external sources (Teams, Email), creating a potential surface for indirect prompt injection.
  • Ingestion points: The data-collector agent parses external communications formatted as Teams chats or emails, as seen in assets/agents/data-collector.agent.template.md.
  • Boundary markers: The prompt templates for data-collector and report-generator lack explicit delimiters or instructions for the agent to ignore instructions embedded within the processed data.
  • Capability inventory: The task-manager and orchestrator agents have the capability to write to the file system and delegate tasks to other agents with terminal access (general-worker).
  • Sanitization: No specific sanitization or escaping of ingested data is implemented before interpolation into report templates.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill includes local PowerShell scripts for setup (Initialize-BizOpsWorkspace.ps1, Deploy-BizOpsTemplates.ps1). These scripts perform standard file and directory operations (creating folders, copying templates) and do not involve downloading or executing code from remote, unverified locations.
  • [Command Execution] (SAFE): While some agents like general-worker are granted terminal access, this is restricted by the agent's instructions to ad-hoc, unclassified tasks and is not used for malicious system modifications.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:31 PM