subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No evidence of instructions attempting to bypass safety filters or override agent constraints. The skepticism instructions in the reviewer prompts are design features to ensure implementation accuracy, not malicious bypasses.
  • [Indirect Prompt Injection] (SAFE): The skill processes implementation plans which are untrusted external inputs.
      1. Ingestion points: Task descriptions are interpolated into implementer-prompt.md and spec-reviewer-prompt.md.
      2. Boundary markers: Markdown headers are used to delimit task text.
      3. Capability inventory: Subagents can perform git operations and execute tests.
      4. Sanitization: No explicit sanitization of input text.
    This surface is inherent to the primary function of the skill and is mitigated by the multi-agent review process.
  • [Data Exposure & Exfiltration] (SAFE): No patterns of sensitive file access or network-based exfiltration. File operations are confined to the project workspace.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): No downloads of external scripts or execution of remote packages. All tools and subagent dispatches refer to internal capabilities.
  • [Dynamic Execution] (SAFE): While the subagents are intended to write and test code, the skill does not use unsafe deserialization or runtime compilation of untrusted external source code outside of its primary development purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:51 PM