brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core design of interpolating untrusted user data into sub-agent prompts.
  * Ingestion points: User-provided problem descriptions and constraints are parsed in Phase 1 and passed to proposer sub-agents in Phase 2.
  * Boundary markers: The skill lacks explicit delimiters (such as XML tags or triple quotes) or instructions for sub-agents to ignore potential instructions embedded within the user's problem description.
  * Capability inventory: Proposer agents are granted 'full-capability' status, allowing them to spawn sub-agents that can execute commands for feasibility testing (SKILL.md).
  * Sanitization: No input validation or sanitization is performed on the user-supplied text before it is used to prompt sub-agents.
- [COMMAND_EXECUTION]: Proposer agents are instructed to use 'full-capability' sub-agents to run commands when testing the feasibility of proposed solutions. While intended for architectural research, this capability increases the risk if the sub-agent is manipulated by malicious content within the user-provided problem statement.
- [SAFE]: No obfuscation, hardcoded credentials, or suspicious remote network calls were detected. The skill uses a robust task-management protocol and explicitly instructs agents to design solutions without making changes to the codebase.
Audit Metadata