amq-cli

Fail

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a binary by downloading and executing a shell script directly from the author's GitHub repository (avivsinai/agent-message-queue) using a piped-to-bash pattern.
  • [PROMPT_INJECTION]: Instructions specifically guide agents to utilize flags such as --dangerously-skip-permissions and --dangerously-bypass-approvals-and-sandbox when initializing cooperative sessions. These flags are documented as methods to override safety constraints and bypass sandbox protections.
  • [COMMAND_EXECUTION]: The skill uses shell execution patterns, including eval to load environment configurations and terminal escape sequences to modify tab titles via /dev/tty. These patterns can be risky if environment variables or input data are manipulated.
  • [PROMPT_INJECTION]: There is a potential for indirect prompt injection as the skill is designed to ingest and process messages from external agents.
      • Ingestion points: SKILL.md and references/coop-mode.md (via amq drain and amq read commands).
      • Boundary markers: The skill documentation mentions header validation but does not define delimiters or instructions to ignore embedded commands within the markdown message body.
      • Capability inventory: SKILL.md (binary execution, shell environment modification, and session management).
      • Sanitization: No explicit sanitization or filtering is described for the content of message bodies.
  • [DATA_EXFILTRATION]: The skill facilitates the sharing of project data (file paths and diffs) between different agent instances and across different projects, which could lead to unauthorized data exposure if messaging is not carefully controlled.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/avivsinai/agent-message-queue/main/scripts/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 27, 2026, 09:38 PM