The Agent Skills Directory

[COMMAND_EXECUTION]: The skill automatically detects and executes test commands from project configuration files (e.g., package.json, pyproject.toml) during the 'Verify' stage (Stage 7). If an attacker provides a malicious project or compromises these files, the agent will execute arbitrary shell commands on the host system.
[PROMPT_INJECTION]: User-provided plans and codebase content are interpolated directly into subagent prompts without boundary markers (e.g., XML tags) or instructions to disregard embedded commands. This creates a surface for both direct and indirect prompt injection. 1. Ingestion points: PLAN argument and files read during Stage 1 and Stage 7 (SKILL.md, references/stage-prompts.md). 2. Boundary markers: Absent in all subagent templates. 3. Capability inventory: Subagents have access to Bash, Write, Edit, and Agent tools (SKILL.md). 4. Sanitization: No validation or sanitization is performed on external content before interpolation.
[EXTERNAL_DOWNLOADS]: The skill's pre-flight routine suggests installing dependencies using 'npx skills add slamb2k/mad-skills'. This involves fetching and running code from an external source managed by the author (slamb2k).

build