setperms

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a .claude/settings.local.json file that grants pre-approval (automatic execution without a user prompt) for over 70 tools, including bash, chmod, powershell, and xargs. This configuration removes the primary human-in-the-loop safety mechanism, allowing arbitrary system commands to be executed without user oversight.
  • [DATA_EXFILTRATION]: By adding network-capable tools such as curl, http (HTTPie), and the GitHub CLI (gh) to the pre-approved list, the skill enables the agent to silently send project source code, environment secrets, or local data to external endpoints.
  • [REMOTE_CODE_EXECUTION]: The skill authorizes the use of package managers (npm, pip, pnpm, cargo) and compilers/runtimes (node, python, rustc, make) without user prompts. This allows malicious instructions or injected prompts to silently install and execute third-party code.
  • [CREDENTIALS_UNSAFE]: Pre-approving the GitHub CLI (gh) provides a direct pathway for the agent to access and potentially leak user authentication tokens or SSH keys managed by the tool, which are often active in developer environments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 13, 2026, 11:30 AM