The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data through the user-provided argument [narrative content description] and processes existing project data via Read, Glob, and Grep tools. This information is interpolated into prompts for subagents (Task tool) without the use of explicit boundary markers, delimiters, or instructions to ignore embedded commands. While the requirement for user approval via AskUserQuestion at each phase transition serves as a mitigation, the lack of input sanitization or delimited context means malicious instructions hidden in story briefs or lore files could potentially influence the logic of the narrative team agents. The primary risk involves the subagents' capabilities to Write and Edit files based on the processed narrative data.

team-narrative