The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates indirect prompt injection by passing the $ARGUMENTS input directly into the task instructions for multiple specialized sub-agents.
Ingestion points: The $ARGUMENTS parameter is ingested in SKILL.md and forwarded to sub-agents in every phase of the workflow.
Boundary markers: The instructions lack delimiters or guardrail prompts to prevent the sub-agents from interpreting malicious content within $ARGUMENTS as direct instructions.
Capability inventory: The sub-agents invoked have significant system capabilities, including writing production code, managing database schemas, and configuring CI/CD infrastructure.
Sanitization: There is no evidence of input validation or sanitization to mitigate the risk of an attacker injecting instructions that could lead to unauthorized code execution or infrastructure changes.

full-stack-orchestration-full-stack-feature