The Agent Skills Directory

[COMMAND_EXECUTION]: The skill configures the 'field_tactician' expert to use the --dangerously-skip-permissions flag with the claude-glm command. This flag is explicitly designed to override standard security prompts and permission checks, reducing user oversight for high-risk operations.
[REMOTE_CODE_EXECUTION]: In modules/deferred-capture.md, the instructions require the agent to run python3 scripts/deferred_capture.py. This script is not included in the skill's file list, making it an unverifiable dependency that could execute arbitrary code present in the user's environment.
[DATA_EXFILTRATION]: The skill includes a 'Discussion Publishing' module that uses the GitHub CLI (gh) to transmit session summaries and deliberation artifacts to GitHub Discussions. The modules/deferred-capture.md file specifies that 'Capture is automatic: do not prompt the user for confirmation', which increases the risk of sensitive internal deliberation data being published to a semi-public or public platform without explicit review.
[PROMPT_INJECTION]: The skill facilitates the processing of arbitrary project files and pipes data through a chain of multiple LLMs. This architecture is susceptible to indirect prompt injection, where content within the analyzed files could potentially hijack the 'Supreme Commander' or other expert roles to influence the decision-making outcome or leak context.

war-room