orchestrating-swarms

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow that reads task descriptions and implementation plans from local files and interpolates this content directly into prompts for subagents. This creates a surface for indirect prompt injection if an attacker can influence the content of the task files or the project plan.
      • Ingestion points: Task descriptions are read from the ~/.claude/tasks/ directory and passed to subagents in SKILL.md and references/orchestration-patterns.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified when wrapping external task content in subagent prompts.
      • Capability inventory: Spawned agents have access to powerful tools including Bash, Edit, Write, and the general-purpose agent type which has access to all tools.
      • Sanitization: The instructions do not mention any sanitization or validation of the task content before it is processed by subagents.
  • [COMMAND_EXECUTION]: The documentation includes multiple shell command snippets intended for use by the agent or user to manage the swarm's state. These commands interact with local configuration files and directories.
      • Evidence: Commands such as grep on task files, cat and jq on ~/.claude/teams/ configuration files, and ls or tail for monitoring inboxes are used throughout the reference documentation (e.g., references/primitives.md, references/environment-config.md).
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to install the it2 tool using package managers to enable iTerm2 backend support.
      • Evidence: references/spawn-backends.md recommends running uv tool install it2, pipx install it2, or pip install --user it2.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 04:21 PM