The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted task descriptions and interpolates them into instructions for a sub-agent. While it uses boundary markers, the absence of explicit sanitization or validation of the input could allow an attacker to craft a task description that influences the orchestrator or the sub-agent's behavior.
Ingestion points: Task description provided via $ARGUMENTS in SKILL.md.
Boundary markers: Employs and tags to encapsulate the user-supplied content.
Capability inventory: Utilizes the Task tool to dispatch new agent processes with generated prompts.
Sanitization: No sanitization, escaping, or schema validation is performed on the input from $ARGUMENTS prior to its use in prompt construction.

launch-sub-agent