agent-comms

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides the ability to send direct input to other tmux sessions via the 'send' command. This allows an agent to execute arbitrary commands in the terminal of any active session, which can be exploited for unauthorized system actions or privilege escalation if a session is running with higher permissions.
  • [DATA_EXFILTRATION]: The 'read' command enables an agent to capture and view the terminal output of other sessions. This presents a high risk of exposing sensitive data, such as API keys, credentials, or private configuration details that may have been printed to the console in those sessions.
  • [PROMPT_INJECTION]: The inter-agent communication design is inherently vulnerable to indirect prompt injection because the receiving agent is instructed to treat incoming messages as user input.
    • Ingestion points: Messages are injected into the target terminal's input buffer via the 'agent-msg send' command (referenced in SKILL.md).
    • Boundary markers: The skill suggests a convention of using an '[AGENT-MSG]' header, but there is no technical enforcement of it and no instruction for the receiving agent to ignore potentially malicious commands within the message.
    • Capability inventory: The skill uses tmux tools to bridge the security boundaries between otherwise isolated terminal sessions.
    • Sanitization: There is no mention of input validation or sanitization to prevent an agent from being tricked into executing malicious instructions sent from another session.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 09:30 PM