The Agent Skills Directory

[COMMAND_EXECUTION]: The skill enables shell command execution on the local system through its measurement verification system. These commands are authored by AI agents during the orchestration phase.
Evidence: In scripts/measurements.ts, the runMeasurementCommand function uses spawnSync to execute a command string defined in the agent-authored plan.json file via bash -c.
Mitigation: Commands are run with a restricted set of allowed environment variables (e.g., PATH, LANG, USER) and a temporary HOME directory is created for the execution to prevent access to the operator's real credentials or dotfiles.
[PROMPT_INJECTION]: The skill operates by ingesting data from external repositories and reports from multiple cloud agents, which creates a surface for indirect prompt injection. Malicious repository content could influence the decision-making of the Planner agents.
Ingestion points: The orchestration loop reads plan.json, state.json, and multiple handoff markdown files (handoffs/*.md) generated by cloud agents.
Boundary markers: Handoff content is isolated in agent prompts using specific headers such as ### Upstream: <name>.
Capability inventory: Local command execution, cloud agent management via Cursor SDK, git operations, and Slack integration.
Sanitization: A redaction module (scripts/core/redact-body.ts) filters Slack comments for tokens, secrets, absolute paths, and log-dump patterns.
[EXTERNAL_DOWNLOADS]: The skill clones repository branches to the local machine to perform verification checks.
Evidence: scripts/measurements.ts uses git clone to retrieve specific worker branches for analysis.
Source: Downloads occur from the repository URL configured by the user or identified from the project's git metadata.

orchestrate