iterate

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: Behavioral override instructions that bypass human-in-the-loop safety. The skill explicitly directs the agent to "NEVER ask 'should I continue?'" and "never ask permission to continue" (SKILL.md), aiming for indefinite autonomous operation without user oversight.
  • [PROMPT_INJECTION]: Instructions to bypass platform security controls. The skill guides the agent to suggest that users add wildcard patterns to .claude/settings.local.json (SKILL.md). This is specifically designed to silence mandatory permission prompts for tool execution.
  • [COMMAND_EXECUTION]: Execution of unsanitized, user-provided shell commands. The core workflow relies on running arbitrary Verify and Guard commands through the Bash tool. This creates a high-risk surface for arbitrary code execution if the configuration is influenced by malicious data.
  • [COMMAND_EXECUTION]: Indirect Prompt Injection attack surface. The skill ingests data from external sources such as git log and results.tsv (SKILL.md) without boundary markers. Combined with extensive capabilities including Bash execution and Write/Edit operations, this creates a risk where malicious commit messages or file content could manipulate the agent's logic. (Ingestion points: git log, results.tsv; Boundary markers: absent; Capability inventory: Bash, Read, Write, Edit, Agent; Sanitization: absent).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 13, 2026, 11:30 AM