The Agent Skills Directory

[PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted user requests to determine task routing and generate documentation without using boundary markers or sanitization.
Ingestion points: User task descriptions are processed by the router in SKILL.md.
Boundary markers: Absent; user input is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
Capability inventory: The skill can write files to docs/plans/ and invoke powerful external tools via the superpowers:* namespace.
Sanitization: Absent; there is no evidence of validation or escaping for user-supplied strings before they are utilized in planning or workflow selection.

aios-workflow-router