agentation

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides configuration instructions for AI agents (Claude Code, Gemini CLI) that install shell hooks (UserPromptSubmit, AfterAgent). These hooks automatically execute a curl | python3 pipeline every time a user sends a message or the agent finishes a turn. This creates a persistent command execution surface that relies on the integrity of the local server at localhost:4747.
  • [REMOTE_CODE_EXECUTION]: The automated hooks for Claude Code and Gemini CLI use a piped execution pattern: curl ... | python3 -c "...". While the Python code is currently inline and visible in the instructions, this pattern is inherently risky as it executes logic fetched from a network endpoint (/pending) without integrity verification.
  • [EXTERNAL_DOWNLOADS]: The scripts/setup-agentation-mcp.sh script and the SKILL.md instructions frequently use npx -y agentation-mcp server. This command downloads and executes the latest version of the agentation-mcp package from the npm registry without version pinning, introducing a supply-chain risk.
  • [PROMPT_INJECTION]: The skill instructions include developer_instructions for Codex and markdown for other agents that provide high-level directives to 'call agentation_watch_annotations in a loop' and 'fix the code'. While intended for functionality, these instructions override default agent behavior to create an autonomous loop.
  • [DATA_EXFILTRATION]: The React component includes a webhookUrl prop that, if configured, sends UI annotation data (including CSS selectors, bounding boxes, and potentially sensitive 'nearbyText') to an external URL.
Recommendations
  • HIGH: Downloads and executes remote code from: http://localhost:4747/pending - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 29, 2026, 02:29 AM