data-engineering-data-driven-feature

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it utilizes the $ARGUMENTS variable as a direct input for specialized sub-agents across all phases of the development lifecycle.
      • Ingestion points: The $ARGUMENTS variable is processed as raw input in 16 separate steps within the SKILL.md file, including those for data analysis, architecture planning, and code implementation.
      • Boundary markers: There are no delimiters or instructions used to encapsulate user input, increasing the risk that malicious data in $ARGUMENTS could override the intended task instructions for the sub-agents.
      • Capability inventory: The sub-agents involved in this workflow possess significant capabilities, including the generation of backend and frontend code, defining data pipeline architectures, and configuring deployment infrastructure (feature flags and rollout rules).
      • Sanitization: The skill does not implement any mechanisms to escape, validate, or sanitize the user-provided content before it is interpreted by the language model.
  • [COMMAND_EXECUTION]: The workflow explicitly directs sub-agents to generate and implement executable code for backend, frontend, and machine learning components. While this is the intended purpose of the skill, it creates a surface for dynamic code execution (Category 10) where malicious instructions injected into the initial prompt could result in the generation of compromised or backdoored software components.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:56 AM