The Agent Skills Directory

Indirect Prompt Injection (LOW): The orchestrator parses untrusted markdown plan files and interpolates their content directly into instructions for subagents. Ingestion points: Plan files specified by the user (e.g., plan.md). Boundary markers: None; the content is placed directly into a Task Prompt Template. Capability inventory: Subagents are directed to read/edit files and run validation commands. Sanitization: No sanitization or escaping of the plan content is performed.
Command Execution (LOW): The prompt template provided to subagents includes the instruction to 'Run validation if feasible', which may result in the execution of arbitrary test scripts or commands defined within the untrusted plan file.

parallel-task