huashu-agent-swarm

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/dashboard.py script is vulnerable to shell command injection. The send_human_input function takes user-provided messages from the /api/input endpoint and interpolates them directly into a git commit command that is executed via subprocess.run(shell=True). This allows an attacker to execute arbitrary system commands by including shell metacharacters (e.g., ;, |, &) in the input message.
  • [COMMAND_EXECUTION]: The scripts/agent_loop.sh script executes the Claude CLI with the --dangerously-skip-permissions flag. This configuration removes the human-in-the-loop requirement for sensitive actions, such as file system modifications or command execution, granting the autonomous agents unrestricted access to the host environment.
  • [DATA_EXFILTRATION]: The monitoring dashboard in scripts/dashboard.py binds to 0.0.0.0 (all network interfaces) by default and does not require authentication. This configuration makes internal project data, including git logs, task lists, and full agent execution logs, accessible to any device on the same network.
  • [PROMPT_INJECTION]: The references/agent-prompt-template.md includes explicit instructions that command the AI to override safety protocols. It instructs the agent to "Never request human help or confirmation" and to disregard operational constraints, which can be exploited if the agent processes malicious input from the repository.
  • [EXTERNAL_DOWNLOADS]: The skill's instructions encourage agents to autonomously install third-party dependencies and run tests. Since the agents operate without a sandbox or human oversight, they could be manipulated into downloading and executing malicious code from external registries or the project's own codebase.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 25, 2026, 09:39 AM