enhance-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill discovers and aggregates content from various local files (agents, prompts, docs) and passes it to sub-agents for analysis. This creates a surface for indirect prompt injection where malicious content in those files could manipulate the sub-agents' analysis or the orchestrator's summary logic.
      • Ingestion points: Local files matching glob patterns such as **/agents/*.md, **/prompts/**/*.md, and plugins/*/.claude-plugin/plugin.json.
      • Boundary markers: No explicit delimiters or sanitization steps are used in the tasks dispatched to sub-agents to separate untrusted file content from analysis instructions.
      • Capability inventory: The skill can spawn sub-agents via Task(), discover local files with Glob(), and load local utility modules using require().
      • Sanitization: No validation or sanitization of the content from the discovered files is performed before processing.
  • [COMMAND_EXECUTION]: The orchestrator uses the Task capability to spawn multiple sub-agents (e.g., enhance:agent-enhancer) and provides them with instructions to run analyzers and apply fixes. While these are identified as internal vendor tools, they represent powerful capabilities driven by the results of untrusted file analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 12:43 AM