The Agent Skills Directory

[PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface due to the collaborative nature of its agent roles.
Ingestion points: The coordinator and specialized worker roles (ideator, challenger, synthesizer, evaluator) read and process markdown files from the session directory that are created and updated by other agents.
Boundary markers: The skill lacks explicit instructions or delimiters to isolate the text being processed, making it potentially vulnerable to instructions embedded within the generated ideas or critiques.
Capability inventory: The agents have access to powerful tools, including Bash for shell access, Write/Edit for file modification, and the Agent tool for spawning sub-agents.
Sanitization: There is no logic for sanitizing or validating the content of the generated artifacts before they are ingested by subsequent agents.
[COMMAND_EXECUTION]: The coordinator role uses the Bash tool to run the pwd command. This is used to programmatically determine the project and skill root directories for path resolution during session initialization.

team-brainstorm