The Agent Skills Directory

[PROMPT_INJECTION]: The skill architecture involves processing untrusted user input and distributing it to multiple subagents, creating a surface for indirect prompt injection.\n- Ingestion points: User-provided problem statements and constraints ingested in Phase 1 (SKILL.md) are passed to proposers in Phase 2 and shared as peer proposals in Phase 3.\n- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the user's input before passing it to proposer agents.\n- Capability inventory: Proposer agents use coordination and research tools (Task, SendMessage) but are explicitly mandated to follow a read-only approach with no filesystem changes.\n- Sanitization: No input filtering or validation is applied to user data before interpolation into subagent instructions.\n- [SAFE]: The skill defines a robust coordination logic for a multi-agent team and explicitly forbids subagents from performing implementation tasks or file modifications.

brainstorm