subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions and reference documents cite fictitious or future-dated model names such as 'gpt-5.4' and 'gpt-5.3-codex-spark'. Such references are often used to influence AI behavior by convincing the model it has capabilities beyond its actual state, which can lead to hallucination or deviation from safety protocols.
  • [PROMPT_INJECTION]: The skill defines a workflow for ingesting and processing untrusted data from repository environments (including task text, code files, and acceptance criteria), representing an indirect prompt injection surface.
    • Ingestion points: External task definitions and repository context ingested via SKILL.md and references/implementer-prompt.md.
    • Boundary markers: The framework uses Markdown headers and YAML blocks to segment instructions from data, which provides limited protection against adversarial content.
    • Capability inventory: The orchestration capabilities include spawning subagents, file system modifications, and execution of verification commands.
    • Sanitization: The skill does not specify any automated sanitization or filtering of external inputs, relying instead on manual context selection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 01:38 AM