conductor-orchestrator

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines an "agentic" mode which explicitly instructs the agent to "Never ask user" and "Resolve all decisions autonomously," even for high-impact events. This protocol targets the platform's safety model by overriding the expectation of human-in-the-loop validation for sensitive operations.
      • Evidence: "'agentic' | Fully autonomous. Resolve all decisions via leads, board, or best-judgment. Never ask user."
      • Evidence: "AGENTIC MODE: Resolve autonomously — NEVER ask the user"
  • [PROMPT_INJECTION]: The skill processes untrusted user data from the /go command by directly interpolating raw strings into prompts for sub-agents without any sanitization or boundary markers (delimiters). This creates a significant surface for indirect prompt injection.
      • Ingestion points: User goals supplied via /go (e.g., processGoal(userGoal)) used in SKILL.md.
      • Boundary markers: Absent. User input is placed directly into prompt strings.
      • Capability inventory: The orchestrator can read/write files, spawn sub-agents with varying permissions, and execute shell commands through the CLI.
      • Sanitization: Absent. There is no evidence of validation or escaping for the userGoal or derived keywords.
  • [COMMAND_EXECUTION]: The skill describes a workflow that assembles shell commands for sub-agents using potentially untrusted input. Specifically, it suggests spawning the Claude CLI with arguments derived from user questions.
      • Evidence: claude --print --model opus "/orchestrator-supaconductor:board-meeting {question}"
  • [COMMAND_EXECUTION]: The parallel execution engine and worker dispatch protocol use the Task tool to run arbitrary code and scripts. The skill relies on dynamically created state files (plan.md, metadata.json) to determine execution flow; if these files are manipulated via prompt injection, it could result in unauthorized code execution.
      • Evidence: Task({ subagent_type: "general-purpose", description: "Execute track tasks", prompt: ... })
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 29, 2026, 03:30 AM