aile-subagent-dev
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The file SKILL.md contains hardcoded absolute local paths (/Users/zhuchunlei/work/01_code/ailesuperpowers/skills/aile-subagent-dev/). This discloses the developer's local username and internal directory structure, which can be used to map the host environment.
- [COMMAND_EXECUTION]: The skill implements a workflow that retrieves and executes 'Validation Commands' directly from external markdown files (analysis.md and plan.md). The implementer-prompt.md template explicitly instructs sub-agents to run these commands on the system. Because these commands are sourced from project documentation that may be influenced by untrusted inputs, it allows for arbitrary command injection.
- [PROMPT_INJECTION]: The skill uses external documentation as a core component of its orchestration logic without sanitization, creating a surface for indirect prompt injection.
  1. Ingestion points: Loading and parsing of docs/plans/{Story-Key}/analysis.md and associated plan files.
  2. Boundary markers: None; the skill lacks delimiters or protective instructions to distinguish documentation from executable commands.
  3. Capability inventory: Sub-agents (worker role) possess file-system write access and shell execution capabilities.
  4. Sanitization: None; the content from documentation is directly interpolated into sub-agent Task Packages.
Recommendations
- AI detected serious security threats
Audit Metadata