The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill's documentation and integration tests (SKILL.md, references/api-reference.md, and scripts/test_integration.py) suggest installing the Cursor Agent CLI by piping a remote script to bash (curl https://cursor.com/install -fsS | bash). While this targets a well-known service, executing unverified remote scripts directly in the shell is an insecure practice.
[COMMAND_EXECUTION]: The core functionality in scripts/cli_client.py involves executing external binaries (claude, agent, gemini, codex) using subprocess.run. These tools are invoked to process prompts and can perform significant actions in the workspace, such as editing files or running commands, particularly when used in the skill's suggested 'yolo' or 'auto-approve' modes.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it routes untrusted data to sub-agents with high privileges.
Ingestion points: Untrusted prompts enter the workflow via invoke_claude and invoke_parallel in scripts/claude_client.py.
Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings applied to prompts before they are passed to sub-agents.
Capability inventory: Sub-agents like Claude Code and Cursor Agent have full access to the local filesystem and shell, and this skill specifically facilitates their use in non-interactive, automated workflows.
Sanitization: The skill performs no validation, escaping, or filtering of the prompt content before passing it to the CLI backends.
[DATA_EXFILTRATION]: An optional telemetry module (scripts/telemetry_helper.py) is included that can send invocation metadata, such as duration and prompt length, to an external Tinybird endpoint. This only activates if the user explicitly configures the TB_INGEST_TOKEN and TB_INGEST_URL environment variables.

orchestrating-agents