The Agent Skills Directory

[DATA_EXFILTRATION]: The skill directs agents to locate and read sensitive configuration data from the client environment. The Tech Stack Mapper is explicitly instructed in SKILL.md to use Glob and Grep tools to find .env.example, .env.sample, and "API keys in configs". Additionally, the Workflow Auditor scans .github/workflows/*, which frequently contains CI/CD secrets or sensitive logic. While the instructions advise against including tokens in the final report, the act of reading these files constitutes a significant data exposure risk.
[COMMAND_EXECUTION]: All three specialist agents (Workflow Auditor, Tech Stack Mapper, and Strategy Drafter) are granted access to the Bash tool to perform deep discovery and code analysis. This capability allows for arbitrary command execution on the host system where the client data resides.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to how it processes external data. Ingestion points: Untrusted data enters the agent context via user-provided directory paths (Docs) and website URLs. Boundary markers: The prompts do not use delimiters or instructions to ignore instructions embedded within the ingested data. Capability inventory: The agents processing this data have powerful capabilities including Bash, Write, and WebSearch. Sanitization: There is no evidence of validation or sanitization of the ingested content before it is used to drive agent reasoning or tool use.

multi-agent-client-onboarding