agent-orchestration

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: As an orchestration framework, the skill architecture is susceptible to indirect prompt injection by design.
    * Ingestion points: scripts/agent-workflow-template.ts (via the task parameter), scripts/crewai-crew.py (via the topic parameter), and scripts/openai-multi-agent.py (via the user_message parameter).
    * Boundary markers: The prompt templates lack robust delimiters or explicit "ignore embedded instructions" warnings when interpolating untrusted external data.
    * Capability inventory: Templates include capabilities for subprocess.run (e.g., references/gpt-5-2-codex.md uses it for testing) and general tool execution, which could be exploited if an injected instruction is followed.
    * Sanitization: No input sanitization or validation logic is implemented in the provided script templates.
  • [COMMAND_EXECUTION]: The skill includes code templates that demonstrate command execution capabilities.
    * references/gpt-5-2-codex.md and references/claude-code-instance-management.md contain examples using subprocess.run and subprocess.Popen to execute shell commands. These are provided as developer templates but represent a high-privilege surface if misconfigured.
  • [EXTERNAL_DOWNLOADS]: The documentation references several external packages from trusted ecosystems.
    * References standard libraries such as crewai, openai, and autogen-agentchat via pip.
    * References MCP servers via npx (e.g., @modelcontextprotocol/server-filesystem).
    * These come from well-known technology organizations and are documented neutrally.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 09:56 PM