subagents-management
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages files in the user's home directory (~/.claude/agents/), allowing for the creation of persistent subagent definitions that remain active across different projects and future AI sessions.
- [COMMAND_EXECUTION]: The skill supports the creation of subagents with 'permissionMode: bypassPermissions', which enables them to execute file edits and commands without requiring standard user confirmation prompts, presenting a privilege escalation risk.
- [PROMPT_INJECTION]: The 'create_subagent.py' script accepts a system prompt as input and writes it directly into a new agent definition without sanitization. This creates an attack surface for indirect prompt injection where untrusted data could become part of a permanent, high-privilege subagent. Evidence:
  - Ingestion points: 'create_subagent.py' CLI arguments
  - Boundary markers: YAML frontmatter delimiters
  - Capability: Writing to agent configuration directories
  - Sanitization: None
Audit Metadata