agent-skill-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (flagged: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface. It ingests untrusted user requests and the metadata of discovered resources (plugins, agents, skills, MCP servers) and interpolates them into execution-plan generation without isolating them behind boundary markers or sanitizing them.
  1. Ingestion points: 'userRequest' (SKILL.md, Step 1) and the 'resources' metadata fetched via 'agent-skill-discovery' (SKILL.md, Step 0).
  2. Boundary markers: no explicit delimiters, and no instruction to disregard commands embedded in the data, are applied when the data is interpolated.
  3. Capability inventory: the skill can invoke other agents, skills, and MCP tools (SKILL.md, Step 6), so an instruction smuggled in through resource metadata can steer those invocations.
  4. Sanitization: there is no evidence of input validation or content filtering to stop instructions embedded in the data from influencing plan generation.
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to download and install external packages from the vendor's ecosystem.
  1. Evidence: README.md mentions 'npm install -g claude-superskills' and its dependent packages.
  2. Context: these resources are recognized as vendor-owned and appear to be part of the legitimate toolchain. A global install still runs vendor code with the installing user's privileges, so pin the package version and check its integrity against a lockfile or the registry before installing.
Audit Metadata