incident-response-incident-response

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it directly interpolates unvetted external data into instructions for specialized subagents.
    • Ingestion points: The $ARGUMENTS variable, which typically contains data from external monitoring systems like PagerDuty or Opsgenie, is used across all phases in SKILL.md (e.g., Phase 1, Step 1 and Phase 2, Step 4).
    • Boundary markers: None. The external data is concatenated directly into natural language prompts without using delimiters or instructions to ignore embedded commands.
    • Capability inventory: The workflow utilizes a Task tool to invoke agents with sensitive capabilities, such as backend-architect (fix design) and deployment-engineer (executing production deployments).
    • Sanitization: None. The skill does not implement any validation, escaping, or filtering for the input data before it is processed by the subagents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 02:56 AM