The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to ingest data from external goal files and interpolate that content into new markdown files (1-input.md) which are then consumed by downstream agents. This creates a surface for indirect prompt injection if the goal files contain malicious instructions.
Ingestion points: The skill reads from strategy/goals/active/{goal-id}.md as specified in the 'Read Goal' and 'Workflow' steps.
Boundary markers: Absent. The template for 1-input.md uses direct interpolation (e.g., {Goal Name}, {context}) without delimiters or warnings to downstream agents to ignore embedded instructions.
Capability inventory: The skill uses Read and Write tools to create directories and files. While it does not execute code directly, it enables the propagation of potentially malicious instructions to 'Assigned Agents' who may have higher-privilege capabilities.
Sanitization: None detected. There is no logic provided to escape, validate, or filter the content extracted from the goal files before writing them to the new thread files.

sys-activating-goals