skill-team-plan

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's execution flow uses Bash scripts that interpolate variables directly into shell commands and tool arguments. In Stage 2 and Stage 10, the task_number variable is interpolated directly into a jq filter string rather than being passed as a safe parameter, which creates the potential for tool-specific injection. In addition, variables such as session_id and project_name are interpolated into commands such as git commit and mkdir in Stage 3 and Stage 12, which is a command injection surface if these variables contain shell metacharacters.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present due to the processing of external data.
      • Ingestion points: The skill ingests data from specs/state.json and research reports from the research_path.
      • Boundary markers: The skill lacks delimiters or protective instructions when interpolating research_content into the prompts for sub-agents in Stage 5.
      • Capability inventory: The agent has access to tools including Bash, Edit, Write, and TeammateTool, which could be leveraged if an injection occurs.
      • Sanitization: There is no evidence of validation or escaping of external content before it is interpolated into the planning prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 12:36 AM