bmad-party-mode
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading from files like 'agent-manifest.csv' and 'project-context.md', as well as user messages, and interpolating them into sub-agent system prompts. It uses markdown headers (e.g., '## Your Persona') as boundary markers to organize the prompt.
  - Ingestion points: Agent manifest, project context file, and user messages.
  - Capability inventory: Spawning independent agent instances using the Agent tool.
  - Sanitization: No explicit sanitization or validation of the input data is performed before interpolation.
- [COMMAND_EXECUTION]: The skill utilizes a tool to spawn sub-agent processes. To mitigate risks associated with dynamic prompt generation, the orchestrator explicitly instructs these sub-agents not to use any tools in their own execution environment, effectively limiting their operational capabilities.