cdo

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages the Bash tool to execute various CLI tools, including codex, bd, and local Node.js scripts, for model dispatch, task management, and skill discovery. Evidence is located in dispatch/multi-model.md, engine/synthesis-protocol.md, and dispatch/skill-injection.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, where untrusted content from the problem statement or context files can influence the orchestrator or sub-agents.
    1. Ingestion points: SKILL.md (problem input), domains/arch.md (source files such as specs and design docs), and domains/dev.md (codebase findings).
    2. Boundary markers: No delimiters or safety instructions are used for untrusted content in templates/agent-brief.md.
    3. Capability inventory: Bash, Write, Edit, Agent, and TeamCreate.
    4. Sanitization: No sanitization or validation of external content is performed before interpolation into prompts.
  • [REMOTE_CODE_EXECUTION]: In lev-exec mode, the skill transmits generated content to external model providers via shell commands, facilitating the remote processing of dynamically constructed instructions.
  • [DATA_EXFILTRATION]: Project context and artifacts stored in the tmp/cdo-{session}/ directory are read and sent to external model providers during the deliberation process, particularly when using the lev-exec modifier.
  • [DYNAMIC_EXECUTION]: The skill implements an adaptive loop where the next turn's structure (width, roles, and skills) is determined by a YAML directive generated by an LLM in the previous turn. This creates a self-modifying execution flow based on AI output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 06:48 PM