code-review-orchestrator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The orchestrator ingests untrusted repository data and interpolates it directly into subagent prompts, creating a surface for indirect prompt injection.
      • Ingestion points: The skill reads 'diff.patch' and 'code-context.json' (referenced in scripts/launch-subagents.sh) which may contain malicious instructions embedded in code comments or metadata.
      • Boundary markers: The prompts generated in 'scripts/launch-subagents.sh' do not use delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill launches subagents with the Task tool to perform various analysis tasks.
      • Sanitization: No evidence of input sanitization is present before data is passed to subagents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:13 PM