ensemble-team

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection vulnerability surface within the Team Composition phase (Phase 2). It utilizes the WebSearch tool to ingest untrusted data from the internet regarding real-world experts' credentials and philosophies to generate agent definition files in .claude/agents/. These definitions subsequently govern agents that are granted high-privilege shell access.
    1. Ingestion points: External search results for expert biographies and technical tenets in SKILL.md.
    2. Boundary markers: The skill does not explicitly instruct agents to ignore or delimit instructions potentially embedded within the search results during profile generation.
    3. Capability inventory: Driver agents are granted Bash(*), Edit, and Write permissions in Phase 6.
    4. Sanitization: The process relies on the human user to approve the proposed expert roster but does not specify automated sanitization of the fetched data.
  • [COMMAND_EXECUTION]: The skill configuration workflow involves granting extensive system permissions to subagents. Phase 6 of SKILL.md specifically directs the setup of permissions to include Bash(*). While necessary for the skill's primary purpose of autonomous development, this provides a powerful execution environment for agents whose personas are derived from external data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 04:22 PM