subagents-orchestration-guide
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to the processing of user-supplied requirements.
  1. Ingestion points: User requirements and responses are ingested in SKILL.md and monorepo-flow.md to be passed to various subagents.
  2. Boundary markers: The orchestrator prompt templates provided do not utilize explicit delimiters or 'ignore' instructions for external content.
  3. Capability inventory: The system permits file modifications (Edit/Write) and shell command execution (Bash).
  4. Sanitization: No specific sanitization or validation logic for user requirements is documented.

  This risk is effectively mitigated by the skill's architecture, which requires user approval before implementation and includes a post-implementation security review.
- [COMMAND_EXECUTION]: The orchestrator is authorized to use the Bash tool for repository maintenance tasks such as performing git commits and running verification commands. Additionally, subagents are designed to autonomously determine and execute project-specific commands. These capabilities are restricted to an autonomous execution mode that requires a manual 'Batch approval' from the user before any commands are executed.