recipe-fullstack-implement

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface due to its orchestration of external data.
    - Ingestion points: The skill ingests untrusted data via the $ARGUMENTS variable and user-provided prototype code paths.
    - Boundary markers: It attempts to mitigate injection by mandating a [SYSTEM CONSTRAINT] suffix for all sub-agent prompts, though it lacks formal delimiters for user-supplied data.
    - Capability inventory: The orchestrator invokes sub-agents (e.g., task-executor, quality-fixer) that possess capabilities for code modification and task execution.
    - Sanitization: There is no evidence of validation, escaping, or schema enforcement for user-provided strings before they are interpolated into sub-agent prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:03 AM