The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its automated context-passing mechanism. 1. Ingestion points: Output from previous agents is captured and injected into new tasks (Step 4.1). 2. Boundary markers: Simple Markdown headers are used to separate stages, providing minimal protection against adversarial instructions. 3. Capability inventory: High-privilege tools like Bash and Write are available. 4. Sanitization: No filtering or sanitization of stage output is performed.
[COMMAND_EXECUTION]: Step 5 involves the execution of shell commands ('rm -rf') targeting specific team and task directories within the user's home directory (~/.claude/). While intended for cleanup, direct manipulation of the filesystem via shell tools carries inherent risk.

pipeline