qcsd-refinement-swarm

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user story content to determine orchestration logic and as input for multiple agents.
    • Ingestion points: The user-provided story content is read and analyzed in 'steps/01-flag-detection.md' to set execution flags.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found for the agents processing the story.
    • Capability inventory: The orchestration involves file system writes, memory operations via MCP, and shell command execution.
    • Sanitization: No sanitization or validation of the input story text is performed before it is passed to sub-agents.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes an external package from the NPM registry at runtime.
    • Evidence: 'steps/01-flag-detection.md' uses 'npx --no-install ruflo' to perform memory search operations.
  • [COMMAND_EXECUTION]: The skill invokes shell commands as a fallback mechanism for state persistence and retrieval.
    • Evidence: Step 1 and Step 7 reference the use of the 'ruflo' CLI for interacting with the agentic-qe memory namespace.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 08:22 PM