architect-refine-critique

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted external data (codebases or PRDs) via the target parameter.
      • Ingestion points: File agents/architect.md (via target parameter) and commands/arc-review.md (which reads the generated markdown files).
      • Boundary markers: Absent. External content is interpolated directly into the agent context without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The agents have Read, Glob, Grep, and Write tool permissions, which could be abused if an injected prompt successfully overrides the architectural task.
      • Sanitization: No sanitization of the input target is performed before it is processed by the Architect subagent.
  • EXTERNAL_DOWNLOADS (LOW): The skill references external dependencies that are not from trusted organizations.
      • Evidence: The agents architect.md, refiner.md, and critique.md all reference development-skills:separation-of-concerns and development-skills:tactical-ddd. While these appear to be internal architectural skills, they do not originate from a verified trusted repository according to the security policy.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:32 PM