csv-batch-execute

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the Bash tool to manage session directories and execute a CLI tool (ccw) for requirement decomposition. It implements robust sanitization for the session ID slug using a whitelist regex (/[^a-z0-9\u4e00-\u9fa5]+/g), which effectively mitigates common shell injection and path traversal vulnerabilities for directory creation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted user input that is then used to instruct sub-agents.
    • Ingestion points: The requirement argument and the resulting task descriptions in tasks.csv (residing in SKILL.md).
    • Boundary markers: The agent instruction template interpolates task titles and descriptions using simple placeholders like {title} and {description} without defensive delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill environment provides access to sensitive tools including Bash, Write, Edit, and spawn_agents_on_csv.
    • Sanitization: While the skill filters characters for filename creation, it does not sanitize the semantic content of the decomposed tasks, potentially allowing a malicious requirement to influence the behavior of the sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:03 PM