git-delegation

Fail

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's core functionality is to delegate arbitrary commands to a "Manager" component for execution. While the stated goal is git operations, the instructions explicitly allow and encourage the inclusion of non-git shell commands like mkdir, cd, and cat (using here-docs for file creation). This architecture creates an unconstrained interface for arbitrary command execution on the Manager.
  • [COMMAND_EXECUTION]: The skill uses the mc mirror command to synchronize task data between the local path /root/hiclaw-fs/shared/tasks/ and a remote storage service defined by the environment variable ${HICLAW_STORAGE_PREFIX}. It also utilizes a custom utility hiclaw-sync to fetch updates.
  • [DATA_EXFILTRATION]: The combined capability of reading local files and using mc mirror to sync to a remote storage prefix presents a data exfiltration vector if the storage destination or the delegated commands are influenced by malicious input.
  • [PROMPT_INJECTION]: The skill provides a template for an indirect prompt injection surface. Because the Worker (AI) is instructed to build a list of commands based on task context, an attacker providing malicious instructions in the task data could cause the Worker to include unauthorized commands in the git-request: message sent to the Manager.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 6, 2026, 08:11 AM