peach-agent-team-refactor

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill orchestrator executes a command to read ~/.claude/settings.json in order to check for specific environment flags. This file is sensitive because it stores configuration and potentially authentication credentials for the Claude environment.
  • [PROMPT_INJECTION]: The skill structure allows indirect prompt injection. It reads and analyzes local source code modules and passes the analysis results to sub-agents that can write files and execute shell commands.
  • Ingestion points: The skill reads all TypeScript (.ts) and Vue (.vue) files within specified module directories (api/src/modules/ and front/src/modules/).
  • Boundary markers: No delimiters or instructions are used to separate or protect against malicious content within the ingested code.
  • Capability inventory: Sub-agents (refactor-backend, refactor-frontend, backend-qa, frontend-qa) utilize tools for file system modification and command execution (Bash).
  • Sanitization: There is no evidence that the ingested code files are sanitized or validated before they are included in the sub-agents' context.
  • [COMMAND_EXECUTION]: The orchestrator and sub-agents perform various command-line operations, including environment verification (cat, grep) and build/test tasks (bun, bunx). These actions execute code in the local environment and could be manipulated via injected prompts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 22, 2026, 04:07 PM