recursive-subagent
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads from and writes to a workspace-specific hidden directory (`/.recursive/`). Specifically, it accesses configuration files such as `recursive-router.json` and `recursive-router-discovered.json` which are used to determine provider and model routing, potentially exposing environment-specific configurations.
- [COMMAND_EXECUTION]: The instructions facilitate the selection and invocation of external CLI paths and model-routing mechanisms. While the skill does not directly execute arbitrary shell commands in the provided text, it orchestrates workflows that depend on local tool execution defined in configuration files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and acting upon data from subagents and external review artifacts.
  1. Ingestion points: Data is integrated from subagent outputs (analysts, planners, reviewers) and 'review bundles' stored at `/.recursive/run/<run-id>/evidence/review-bundles/`.
  2. Boundary markers: The instructions lack requirements for strict delimiters or instructions to ignore embedded commands within the processed subagent data.
  3. Capability inventory: The agent possesses broad file system access within the project to read evidence and write phase artifacts.
  4. Sanitization: There is no evidence of sanitization or validation of subagent-provided content before it is used to influence the controller agent's logic.
Audit Metadata