The Agent Skills Directory

[PROMPT_INJECTION]: The skill's YAML frontmatter contains an explicit instruction designed to bypass default AI behavior: 'CRITICAL: Route and execute immediately. Do not stop at describing capabilities.' This pattern is used to force the agent into execution mode without user-facing clarification or review.
[COMMAND_EXECUTION]: The skill uses the Bash tool to execute 'mkdir -p .claude/cc10x' in order to initialize a hidden state directory. While the specific command is low-risk, the use of shell execution represents an active security surface.
[PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection by ingesting untrusted data and interpolating it into instructions for downstream agents. * Ingestion points: user_request, project plan/design files, and state files in .claude/cc10x/ (SKILL.md). * Boundary markers: The orchestration logic uses Markdown headers but lacks strict delimiters or instructions to ignore embedded commands in the input data. * Capability inventory: The skill can execute Bash commands, write files, and generate new tasks with escalated capabilities (SKILL.md). * Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided or external content before it is processed into agent prompts.

cc10x-router