tree-of-thoughts
Audited by Gen Agent Trust Hub on Feb 13, 2026
The SKILL.md file describes a complex multi-agent reasoning process. It uses markdown to explain the phases, prompt templates, and decision logic. Crucially, the skill itself does not contain any executable code, shell scripts, or calls to external programs (such as curl, wget, npm, or pip). The only command mentioned, mkdir -p .specs/research .specs/reports, is a standard, low-privilege file system operation for organizing output and is not considered malicious. The use of CRITICAL: within the prompt templates serves to instruct the sub-agents (other LLMs) on how to behave within the defined process; it is not an attempt to bypass the safety guidelines or system prompt of the orchestrating LLM (Claude). The skill is inherently safe due to its descriptive nature.

However, as a multi-agent system, it is susceptible to indirect prompt injection if the outputs of its sub-agents were to be maliciously crafted. This is a general risk for such architectures and not a specific vulnerability in this skill's definition.