subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) due to the way it processes external data.
    - Ingestion points: implementer-prompt.md and spec-reviewer-prompt.md ingest 'FULL TEXT of task' and 'implementer reports' into subagent prompts.
    - Boundary markers: While the templates use Markdown headers for structure, they lack explicit 'ignore instructions' delimiters or warnings to prevent interpolated text from overriding subagent instructions.
    - Capability inventory: The subagents utilize tools like general-purpose and code-reviewer which have the capability to modify the file system and execute code.
    - Sanitization: No sanitization or validation of the task requirements text is performed prior to interpolation.
  • [SAFE] (SAFE): No evidence of credential theft, malicious obfuscation, or unauthorized network communication was identified in the prompt templates or skill metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 04:11 AM