agent-manager

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill evaluates conditional 'when' expressions in scripts/services/work_schedule.py using subprocess.run(cmd, shell=True). This allows arbitrary shell command execution based on strings defined in agent configuration files.
  • [REMOTE_CODE_EXECUTION]: In scripts/main.py, the write_start_command_script function generates shell scripts from configuration strings, applies executable permissions (chmod 755), and executes them. This is a form of dynamic script generation and execution.
  • [COMMAND_EXECUTION]: The skill manages system persistence by programmatically modifying the user's crontab through scripts/schedule_helper.py. While intended for scheduling agent tasks, this capability allows the skill to schedule arbitrary recurring system commands.
  • [COMMAND_EXECUTION]: There is extensive use of subprocess.run throughout scripts/tmux_helper.py and scripts/main.py to manage tmux sessions. This constitutes the core functionality but provides a significant attack surface if the configuration files (e.g., agents/*.md) are manipulated.
  • [EXTERNAL_DOWNLOADS]: The skill references @google/gemini-cli via npx in providers/__init__.py. This is a reference to a well-known service from a trusted organization.
  • [PROMPT_INJECTION]: The skill includes indirect injection risks (Category 8) because it ingests data from agents/*.md and AGENTS.md files without boundary markers or sanitization, and maps these inputs to powerful capabilities such as shell=True execution and file writing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 14, 2026, 02:51 AM