hello-subagent
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions involve the agent reading tasks, requirements, and verification commands from project files (e.g., tasks.md, verify.yaml). This ingestion of untrusted data to guide command execution represents an indirect prompt injection risk.
  * Ingestion points: tasks.md, requirements.md, plan.md, verify.yaml, and DESIGN.md.
  * Boundary markers: Includes a [子代理任务] (sub-agent task) marker to identify sub-agent contexts.
  * Capability inventory: The skill allows for the execution of verification commands and local scripts (scripts/turn-state.mjs).
  * Sanitization: No verification or sanitization of the external commands is specified in the guidelines.
Audit Metadata