The Agent Skills Directory

[COMMAND_EXECUTION]: The skill invokes a local shell script located at .claude/scripts/glm5-teammate.sh to handle agent spawning. This script is not provided within the skill manifest, making its internal logic and security posture unverifiable via static analysis.
[PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection (Category 8). It ingests untrusted user input via the $ARGUMENTS variable and interpolates it into a shell command.
Ingestion points: User-provided task descriptions are captured from $ARGUMENTS in the 'Execution' logic and 'Spawn Teammate' bash command.
Boundary markers: None are present to delimit the user task from the shell command structure.
Capability inventory: The skill has Bash, Read, and Write permissions, allowing the execution of subprocesses and file modifications.
Sanitization: There is no explicit sanitization or escaping of the user input before it is passed to the shell script, relying entirely on the script's internal handling and shell quoting.

glm5