NYC

fix-parallel

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection. It processes untrusted data from the issues arguments and local project files through multiple autonomous sub-agents. An attacker could place malicious instructions in the code being debugged or the issue descriptions to manipulate agent output.
  • Ingestion points: $ARGUMENTS tag and various files analyzed by the debugger and scout-ext sub-agents.
  • Boundary markers: The skill uses basic XML-like tags () for arguments but lacks strict delimiter enforcement for code files being read.
  • Capability inventory: The workflow includes git-manager (write access), fullstack-developer (code modification), and tester (code execution), which are powerful capabilities if a prompt injection succeeds.
  • Sanitization: Relies on manual approval and a code-reviewer sub-agent, which provides a defensive layer but is not a foolproof security control against adversarial input.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:47 PM