The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill executes a configuration script located in a sibling directory (../kata-configure-settings/scripts/read-config.sh). This represents a dependency on external local files and a minor directory traversal pattern, though it is consistent with the skill's orchestration purpose.
[PROMPT_INJECTION] (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) due to the interpolation of untrusted data into subagent prompts.
Ingestion points: Untrusted data enters via $ARGUMENTS and user responses to symptom gathering (expected/actual behavior, error messages, reproduction steps).
Boundary markers: The skill uses XML-style tags (<symptoms>, <agent-instructions>, <objective>) to delimit user data within the prompt.
Capability inventory: The subagents and the orchestrator can execute bash commands, read/write local files in .planning/debug, and spawn further subagents via the Task tool.
Sanitization: No explicit sanitization or escaping of user input is performed before interpolation into the Task prompt, allowing a user to potentially influence subagent logic through bug descriptions.

kata-debug