designing-agent-teams

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE

Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local workspace to design agent teams. Ingestion points include README, package.json, project directory structures, and existing configuration files. The instructions for reading project files contain no boundary markers separating file content from instructions. The skill uses bash and file system read/write access to analyze the project and generate sub-agent instructions. No explicit sanitization or validation of the ingested file content is performed before it influences the generated outputs.
  • [COMMAND_EXECUTION]: Requires bash and broad file system access to evaluate codebase complexity and create the .agents/ directory and associated markdown files. This is standard behavior for a development automation tool.
  • [EXTERNAL_DOWNLOADS]: Recommends fetching configuration and API details from official documentation and well-known technology services (e.g., Vercel, Supabase, Stripe, Netlify). This practice is intended to ground the agent in authoritative sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:26 PM