rlm-orchestrator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill presents an indirect prompt injection surface. Its primary function is to ingest and partition large external contexts for subagent processing. Evidence: (1) Ingestion points: the skill explicitly targets multi-file analysis and research tasks with many sources, as defined in Phase 1. (2) Boundary markers: the orchestration protocol specifies no delimiters and no instructions to ignore embedded commands. (3) Capability inventory: it spawns 'general-purpose' subagents with the authority to perform code refactoring and implementation in Phase 2. (4) Sanitization: there is no evidence of data sanitization before untrusted content is passed to subagents.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses the 'Task' tool to dynamically spawn background processes and subagents. This enables a broad range of command execution capabilities across different subagent types (Explore, general-purpose, Plan), all directed by potentially untrusted input data.
  • [PROMPT_INJECTION] (LOW): The skill metadata includes a likely hallucinated or future-dated reference (arXiv:2512.24601). While not directly malicious, this misleading metadata makes the skill's technical claims and research foundation unverifiable.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:39 PM