agent-skill-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input to derive task requirements and select appropriate tools. Ingestion points: User task descriptions are parsed in SKILL.md (Step 1). Boundary markers: None explicitly defined for the interpolation of user requirements into tool selection logic. Capability inventory: The orchestrator can invoke agents and MCP tools with Bash, Read, and Write capabilities (referenced in SKILL.md under Example 1). Sanitization: No explicit sanitization or filtering of user input is specified before requirement extraction.
- [COMMAND_EXECUTION]: The skill manages resources that execute shell commands and file operations. Evidence: The workflow in SKILL.md identifies resources with Bash, Read, and Write tools to perform implementation tasks. Mitigation: A mandatory human-in-the-loop approval step (AskUserQuestion in Step 5) ensures no commands are executed without explicit user consent.
Audit Metadata