The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes the claude CLI using the --permission-mode bypassPermissions flag in the scripts/run-session.sh script. This explicitly disables the security model that requires user confirmation for sensitive tool usage, allowing the sub-agent to perform arbitrary actions on the host system.\n- [REMOTE_CODE_EXECUTION]: An autonomous execution loop is implemented in scripts/run-session.sh and SKILL.md that automatically starts new agent sessions. Combined with the permission bypass, this creates a persistent, unmonitored environment for executing code and commands on the user's machine.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because the Executor Agent context is built from the contents of task_list.md and progress.md (ingestion points in scripts/run-session.sh). There are no boundary markers or sanitization processes (sanitization: absent) to prevent malicious instructions within these files from being obeyed. Since the agent has full system capabilities (capability inventory: bash, file write, etc.) via the permission bypass, this could lead to full system compromise.

autonomous-skill