autonomous-loops

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill explicitly includes a command to download and execute a remote script via piped bash in Section 4. The command curl -fsSL https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh | bash allows for arbitrary code execution from a source that is not listed as a trusted vendor.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references and encourages the use of an external installation script from a repository belonging to AnandChowdhary. This is a third-party source not verified as a well-known service or trusted organization.
  • [COMMAND_EXECUTION]: The skill provides numerous shell script examples for autonomous workflows that involve high-risk system commands, including the GitHub CLI (gh) for branch and pull request management, and local Node.js script execution (node scripts/claw.js).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core data-handling patterns.
      • Ingestion points: The agent is instructed to read external, potentially attacker-controlled content from specification files (e.g., specs/component-spec.md) and CI failure logs (gh run view).
      • Boundary markers: Absent. The provided scripts do not utilize delimiters or specific instructions to isolate and disregard embedded instructions within these external data sources.
      • Capability inventory: The skill context grants the agent extensive capabilities, including filesystem manipulation (Edit, Write), network-connected tool execution (gh CLI), and shell access (Bash).
      • Sanitization: Absent. There are no mechanisms described for validating, filtering, or escaping the external content before it is interpolated into the agent's prompts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 02:12 AM