dag-parallel-executor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core design as a task orchestrator.
      • Ingestion points: The skill ingests DAG schedules and node data from external skills like dag-task-scheduler in SKILL.md.
      • Boundary markers: Absent. The logic described in buildPromptForNode and buildParallelTaskCalls does not implement delimiters or instructions to prevent the sub-agent from following commands embedded in the task data.
      • Capability inventory: Significant capabilities including Task (agent spawning), Write, and Edit. Spawning sub-agents with Opus/Sonnet models creates a high-impact execution surface.
      • Sanitization: Absent. There is no validation or filtering of the content within task.nodeId or the prompts passed to the Task tool.
      • Impact: An attacker who can influence the DAG schedule can perform unauthorized actions by injecting instructions that the spawned sub-agents will execute.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:21 AM