The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because its core function involves processing and analyzing untrusted codebase data to generate architectural insights.
Ingestion points: The skill reads and searches through arbitrary user project files during the exploration and deep analysis phases (documented in phases/02-project-exploration.md and phases/03-deep-analysis.md).
Boundary markers: The prompts for sub-agents responsible for analysis do not incorporate explicit boundary markers or instructions to disregard potential commands embedded within the data being analyzed.
Capability inventory: The skill possesses significant capabilities, including file writing (Write), shell command execution (Bash), and sub-agent orchestration (Task), which could be leveraged if an indirect injection were successful.
Sanitization: There is no evidence of content sanitization or instruction filtering for the data ingested from the analyzed codebase.
[COMMAND_EXECUTION]: The skill uses the Bash tool to perform directory management (mkdir) and execute analysis utilities such as ripgrep (rg), find, and internal scripts like get_modules_by_depth.sh to map project structures. These actions are consistent with the skill's intended purpose of project analysis.
[REMOTE_CODE_EXECUTION]: The skill utilizes the Task capability to spawn and manage parallel sub-agents (e.g., cli-explore-agent) for distributed analysis tasks. This orchestration is a functional part of the complex multi-agent workflow defined in the SKILL.md and phase documentation.

architecture-specialist