The Agent Skills Directory

[COMMAND_EXECUTION]: The script bin/loop.sh invokes the paseo CLI using flags --mode bypassPermissions for Claude agents and --mode full-access for Codex agents. These flags explicitly attempt to bypass safety, filtering, and permission controls within the agent runtime environment.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the feedback loop. The output from a previous iteration (stored in last_reason_file) is interpolated directly into the worker prompt for the next iteration. If an agent produces malicious output, it can hijack the instructions of subsequent iterations. Ingestion points: last_reason_file. Boundary markers: <previous-iteration-result> tags. Capability inventory: paseo run (arbitrary agent actions), file system writes, and git operations. Sanitization: None detected for interpolated content.
[COMMAND_EXECUTION]: The 'Live Steering' mechanism re-reads worker-prompt.md and verifier-prompt.md from the filesystem (~/.paseo/loops/) at the start of every iteration. This allows for dynamic modification of the instructions being executed by the agents while the loop is active.
[COMMAND_EXECUTION]: The script performs filesystem management and git worktree operations based on user-provided arguments, creating state directories and managing branch checkouts without explicit validation of the provided names or paths.

paseo-loop