The Agent Skills Directory

Prompt Injection (LOW): Indirect Prompt Injection Surface.
Ingestion points: implementer-prompt.md and spec-reviewer-prompt.md ingest untrusted task descriptions and reports.
Boundary markers: The prompts use Markdown headers as delimiters but lack explicit instructions to disregard potential commands or safety overrides embedded in the task content.
Capability inventory: The process empowers subagents to perform file writes (implementation), execute tests (subprocess), and commit code (git operations).
Sanitization: No evidence of sanitization or escaping for the interpolated plan text is provided in the templates.

subagent-driven-development