teamlead-subagent

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill implements an orchestration pattern where it reads content from external sources (such as PRDs, specification files, and existing source code) and incorporates that content into the prompts used to spawn sub-agents like Solution Architects or Developers.
    - Ingestion points: External data is ingested from the project filesystem via reading tools as specified in 'validation.md' and 'workflows.md'.
    - Boundary markers: The prompt templates defined in 'review-domains.md' lack clear delimiters or 'ignore embedded instructions' directives, which could allow malicious instructions inside the read files to influence sub-agent behavior.
    - Capability inventory: The orchestrator has the capability to spawn sub-agents with varying permissions, write state files to the local '.state' directory, and execute git commands for repository management.
    - Sanitization: No sanitization or validation logic is applied to the content of the ingested files before they are placed into the sub-agent prompt context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 06:16 AM