pact-agent-teams

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Categories analyzed: PROMPT_INJECTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [SAFE]: The skill defines a communication and task management protocol for AI agents. The instructions are appropriate for its function and do not attempt to bypass core safety guardrails.
  • [PROMPT_INJECTION]: The skill's design addresses indirect prompt injection risks by mandating structured prefixes ([{sender}→{recipient}]) for all agent communications. This creates a clear boundary between agent protocol messages and potentially untrusted data ingested from TaskList descriptions, TaskGet metadata, or SendMessage contents, as described in SKILL.md. While the protocol uses capabilities such as TaskUpdate and SendMessage to process this data, the presence of these markers reduces the risk of the agent treating embedded instructions as commands. No specific sanitization logic is described, but the boundary markers serve as a functional mitigation.
  • [DATA_EXFILTRATION]: The skill references local configuration paths in ~/.claude/ for team discovery and persistent memory. These are standard internal paths for the agent environment and are not used to access or exfiltrate sensitive user credentials, private keys, or other high-value data.
  • [REMOTE_CODE_EXECUTION]: The Python test script (test_skill_loading.py) correctly utilizes yaml.safe_load() to process the skill's frontmatter. This ensures that any processed YAML data cannot trigger arbitrary code execution, mitigating a common vulnerability in script-based skill processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 12:13 PM