compound-engineering-lfg

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that attempt to override the agent's default operational behavior by commanding it to 'Run these slash commands in order. Do not do anything else. Do not stop between steps — complete every step through to the end.' This language is designed to suppress the agent's autonomy and its ability to pause for human intervention or safety evaluation between complex tasks.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection.
      • Ingestion points: The skill takes untrusted user input via the $ARGUMENTS variable in the /workflows:plan command.
      • Boundary markers: There are no boundary markers or instructions provided to the agent to treat the $ARGUMENTS content as untrusted or to ignore embedded instructions within that data.
      • Capability inventory: The workflow includes high-capability commands such as /workflows:work (code generation/modification), /compound-engineering:test-browser (browser automation), and /compound-engineering:resolve_todo_parallel (task execution).
      • Sanitization: There is no evidence of sanitization or validation of the input before it influences the subsequent autonomous steps of the engineering cycle.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 01:20 AM