
debate

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestrator script scripts/debate.py executes system commands including git (to handle diffs and history), codex, and claude (to interact with AI backends) using the subprocess module.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted artifacts and interpolates them into model prompts.
    * Ingestion points: Data enters the agent's context through user-provided content strings, external files specified via the --artifact-file flag, and output from git diff commands.
    * Boundary markers: The prompts use plain text headers such as 'Original:' and 'Critique:' to separate sections but lack robust structural delimiters (e.g., XML tags) or specific instructions for models to ignore directives embedded in the artifact.
    * Capability inventory: The skill possesses the capability to execute subprocesses (git, codex, claude) and write session state files to the local file system.
    * Sanitization: No input sanitization or filtering is performed on ingested content before it is passed to the AI models.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 04:21 PM