full-stack-orchestration-full-stack-feature

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection through the use of the $ARGUMENTS variable which passes untrusted data to sub-agents.
  • Ingestion points: User input via $ARGUMENTS is interpolated into prompts across multiple files, including sub-skills/1-database-architecture-design.md, sub-skills/4-backend-service-implementation.md, and sub-skills/12-performance-optimization.md.
  • Boundary markers: The prompts lack clear delimiters (such as XML tags or triple quotes) or specific instructions to the sub-agents to ignore potential instructions embedded within the user-provided feature descriptions.
  • Capability inventory: The sub-agents invoked have significant capabilities, including generating backend and frontend code, creating database migration scripts, and configuring infrastructure and CI/CD pipelines through the Task tool.
  • Sanitization: There is no implementation of input validation or sanitization before user-provided data is processed by the orchestration logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 01:54 PM