feature-dev
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it employs sub-agents to explore and summarize existing codebase content. Malicious instructions embedded in source code comments or documentation could potentially influence the design recommendations or implementation steps generated by the agent. This is a known risk for agents that process external data, and the skill includes significant mitigations such as mandatory user sign-offs and a dedicated 'Reviewer' agent stage that specifically checks for injection vectors.
- Ingestion points: User-provided feature requests via `$ARGUMENTS` in `SKILL.md` and codebase analysis performed by Explorer agents defined in `AGENTS.md`.
- Boundary markers: The sub-agent prompts in `AGENTS.md` do not include explicit delimiter-based boundary instructions. However, the workflow in `SKILL.md` enforces human-in-the-loop validation through multiple `AskUserQuestion` calls before architecture selection and implementation.
- Capability inventory: The skill uses the `Agent` tool for parallel processing, `TodoWrite` for session state, and possesses the capability to modify project source files during the implementation stage.
- Sanitization: The skill does not perform automated sanitization of ingested code but instead incorporates a 'Reviewer' agent (Stage 5) whose specific purpose is to audit the recently changed code for bugs, security vulnerabilities, and adherence to conventions.
Audit Metadata