skill-team-implement
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Potential jq filter injection detected in Stage 2 and Stage 12. The shell commands interpolate the task_number parameter directly into the jq filter string (e.g., select(.project_number == '$task_number')). If the input is not strictly validated as an integer before this interpolation, a malicious task number could be used to manipulate the JSON transformation logic or execute arbitrary jq filters.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified in the phase coordination logic where untrusted data from implementation plans is passed to sub-agents.
  - Ingestion points: The skill reads implementation plans from the filesystem via the plan_path parameter (Stage 5).
  - Boundary markers: The skill uses basic markdown headers (e.g., ## Plan Context) as delimiters when building prompts for teammate agents, which may not be sufficient to prevent instruction override from malicious content in the plan.
  - Capability inventory: The spawned teammate agents have access to high-privilege tools including Bash, Edit, and Write for implementation and verification.
  - Sanitization: No evidence of sanitization, escaping, or instruction-bypass filtering for the content extracted from the implementation plans before it is interpolated into teammate prompts.
Audit Metadata