The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates raw user input into instructions for subagents with high-level capabilities.
Ingestion points: The $ARGUMENTS variable (containing the user-provided --feature name and description) is used across all four phases in SKILL.md (Steps 1 through 12).
Boundary markers: Absent. The user input is directly concatenated into prompts (e.g., 'Analyze feature requirements for: $ARGUMENTS') without the use of delimiters, XML tags, or explicit instructions to the subagents to ignore embedded commands within the data.
Capability inventory: The skill orchestrates subagents with significant privileges, including backend-architect (code implementation), deployment-engineer (CI/CD and deployment), and security-auditor. A malicious feature description could potentially influence these subagents to perform unauthorized actions during the development or deployment lifecycle.
Sanitization: No sanitization, validation, or escaping logic is defined for the $ARGUMENTS before they are passed to the subagent task tool.

backend-development-feature-development