The Agent Skills Directory

[PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection (Category 8).
Ingestion points: Untrusted data enters the context via the $ARGUMENTS variable and the output of the WebFetch tool.
Boundary markers: The skill uses structured headers such as 'THE DECISION:' and 'THE STAKES:' in the sub-agent prompts. While these provide some organization, they do not prevent sub-agents from following malicious instructions embedded within the fetched data.
Capability inventory: Spawned sub-agents have access to a powerful toolset including Bash, Write, Edit, and TeamCreate, which could be exploited if an injection occurs.
Sanitization: The skill does not demonstrate any validation, filtering, or escaping of external content before it is interpolated into the prompts for the specialist agents.
[COMMAND_EXECUTION]: The skill uses the Bash tool to inspect environment variables (e.g., CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS) to determine feature support. This confirms that the skill operates in an environment with active shell command execution capabilities.

duke