claude-remote

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled shell script scripts/session-manager.sh to perform session operations. Specifically, the create command uses osascript (AppleScript) to tell Terminal.app to run a command string. While the script attempts to escape single quotes, it constructs a shell command line (cd '${escaped_dir}' && claude --remote-control '${flags[@]}') which is then passed to Terminal.app for execution. If the directory path or flags are maliciously crafted, this could lead to command injection within the new Terminal window.
  • [COMMAND_EXECUTION]: The skill automatically applies the --permission-mode bypassPermissions flag when launching Claude Code. This flag is designed to skip security confirmation prompts for tool execution within the agent, effectively reducing the human-in-the-loop security model for the remote session.
  • [PROMPT_INJECTION]: The SKILL.md instructions include a 'Determine Intent' section that instructs the agent to 'detect any options mentioned naturally' from user input. This creates an indirect prompt injection surface where a user (or data processed by the agent) could inject additional CLI flags or commands into the claude execution process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 03:29 PM