skill-router

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill's behavior is consistent with its stated purpose of workflow orchestration and artifact management. The multi-agent architecture uses local instruction files to process user input without external dependencies.
  • [DATA_EXFILTRATION]: The artifact-scanner-agent reads metadata from the .agents/ directory to track project progress. This access is limited to the local project workspace and does not involve any network operations or unauthorized file access. No hardcoded credentials or sensitive environment variable exposure was detected.
  • [PROMPT_INJECTION]: The skill takes a natural language goal from the user and passes it to an intent classification sub-agent. While this represents a surface for indirect prompt injection, the skill lacks high-privilege tools (such as arbitrary shell execution or outbound network access) that could be exploited by such an injection.
  • Ingestion points: User-supplied goal argument in SKILL.md used to trigger analysis.
  • Boundary markers: The dispatch protocol in SKILL.md suggests appending the goal to instructions; it does not specify the use of strict boundary delimiters or XML tags.
  • Capability inventory: Uses the Agent tool for internal classification and composition; the skill can write the workflow-plan.md artifact but lacks arbitrary file write or subprocess execution capabilities.
  • Sanitization: No explicit sanitization or validation logic is applied to the user's goal string before it is interpolated into sub-agent prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:22 AM