cook-auto-parallel
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external input and moves to autonomous execution.
  - Ingestion points: Untrusted data enters the agent context through the `$ARGUMENTS` variable in SKILL.md and by reading various project files such as `docs/project-reference/` and `.claude/skills/shared/`.
  - Boundary markers: The skill uses `<tasks>` tags to wrap input arguments, which provides some structural separation but does not include explicit instructions to ignore embedded commands.
  - Capability inventory: The skill coordinates several subagents with implementation capabilities, including file system modifications, test execution, and git management (via fullstack-developer and git-manager agents).
  - Sanitization: No validation or sanitization of the input arguments or the content of the read files is performed before they are used to generate an execution plan.
Audit Metadata