The Agent Skills Directory

The skill 'subagent-driven-development' is provided as a markdown file, outlining a methodology for using subagents to execute development plans. The skill itself contains no executable code, scripts, or direct commands that could pose a security risk. Therefore, it falls under the 'NO_CODE' category.

However, the core functionality of this skill is to orchestrate other agents by constructing prompts for them using various inputs, such as [plan-file], [task name], [directory], [subagent's report], and [list issues]. This design introduces a significant vulnerability to Indirect Prompt Injection.

If an attacker can control or influence the content of these external inputs (e.g., by providing a malicious [plan-file] or a crafted [task name]), they could inject arbitrary instructions into the subagents. The subagents are then instructed to perform actions like 'Implement exactly what the task specifies', 'Write tests', 'Verify implementation works', and 'Commit your work'. Compromising these inputs could lead to the subagents executing malicious code, modifying critical files, or exfiltrating data, all under the guise of legitimate development tasks.

While the skill's own instructions are benign, its role as an orchestrator makes it a high-risk vector for prompt injection into its downstream agents. The severity is rated HIGH due to the potential for significant impact (e.g., arbitrary code execution and persistence via subagents committing malicious code) if the inputs are not thoroughly sanitized or trusted.