ultrathink-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpreting natural language user requests to determine which execution path to take.
      • Ingestion points: User requests containing keywords such as 'implement', 'fix', or 'investigate' are used to categorize tasks in Step 2 (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions defined to isolate the user-provided data from the orchestration logic, potentially allowing crafted input to influence the workflow selection.
      • Capability inventory: The skill utilizes the Read tool to access local filesystem content and the Skill tool to invoke other functional skills based on the classification result.
      • Sanitization: No explicit validation or sanitization of user input is documented before the classification step.
  • [COMMAND_EXECUTION]: The skill dynamically loads orchestration instructions and workflow steps from external local files.
      • Evidence: The skill is designed as a 'thin wrapper' that fetches its primary logic from ~/.amplihack/.claude/commands/amplihack/ultrathink.md and subsequent workflow steps from other markdown files in the ~/.amplihack/ directory. While these are vendor-specific resources for the 'amplihack' toolset, this pattern means the agent's behavior is governed by files external to the skill's own definition.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 03:25 PM