The Agent Skills Directory

[PROMPT_INJECTION]: The skill orchestrates a multi-round deliberation that ingests untrusted user input and sub-agent results, creating a surface for indirect prompt injection.\n- Ingestion points: User-provided problem statements via the $ARGUMENTS variable in SKILL.md and the {peer_outputs} variable in references/protocol.md (which contains output from previous AI rounds).\n- Boundary markers: The suggested prompt templates in SKILL.md and the protocol description in references/protocol.md do not utilize explicit delimiters (such as XML tags or triple backticks) to isolate the untrusted problem content from the orchestration instructions.\n- Capability inventory: The skill leverages orchestration capabilities like spawn_agent, send_input, wait_agent, and forked agent contexts to process and relay information between council members.\n- Sanitization: There is no evidence of input validation or content sanitization for the data passed between the deliberation rounds.

council