The Agent Skills Directory

[PROMPT_INJECTION]: The skill configuration contains explicit instructions to bypass AI safety guardrails and ignore permission prompts. This is achieved through vendor-specific flags in the configuration and prompt templates, such as --approval-mode=yolo for Gemini and --dangerously-skip-permissions for Claude.
Evidence: SKILL.md contains instructions to use --approval-mode=yolo.
Evidence: config/cli-config.yaml defines auto_approve_flag for multiple vendors with values such as --approval-mode=yolo, --dangerously-skip-permissions, --full-auto, and --yolo.- [COMMAND_EXECUTION]: The skill utilizes shell script wrappers (spawn-agent.sh, parallel-run.sh) to execute the oh-my-ag CLI tool. These scripts pass through all user-provided arguments directly to the shell, facilitating the execution of autonomous agents with full system access and no human-in-the-loop verification for the commands they might run.
Evidence: scripts/spawn-agent.sh, scripts/parallel-run.sh, and scripts/verify.sh use exec oh-my-ag ... "$@" to pass all arguments to a CLI tool that executes the autonomous agents.- [REMOTE_CODE_EXECUTION]: The orchestration of subagents with disabled safety controls allows for the execution of arbitrary code within the project workspace, effectively creating a platform for unvetted autonomous script execution.- [PROMPT_INJECTION]: The orchestrator reads and processes result files generated by autonomous subagents without explicit sanitization or boundary markers, creating a surface where a subagent could influence the orchestrator's next actions.
Ingestion points: SKILL.md (PHASE 5) reads result-{agent}.md files.
Boundary markers: Absent in the processing phase.
Capability inventory: Capability to execute shell commands via oh-my-ag.
Sanitization: No sanitization of subagent output is described before processing or reporting.

orchestrator