
swarm

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The orchestrator script (scripts/swarm.sh) spawns child agents using flags that explicitly disable security controls. Specifically, it uses --dangerously-skip-permissions for Claude and --dangerously-bypass-approvals-and-sandbox for Codex. This allows the sub-agents to execute any shell command, modify files, or perform network operations without the user being prompted for approval.
  • [COMMAND_EXECUTION]: The skill performs automated environment setup including git worktree creation, branch management, and package installations. These operations are performed across multiple directories and are triggered automatically by the dispatcher.
  • [EXTERNAL_DOWNLOADS]: The pm_install function in scripts/swarm.sh executes automated package installations (npm install, pnpm install, yarn install, or bun install) in multiple worktrees. This is a common vector for supply chain attacks if the project's dependencies are compromised.
  • [REMOTE_CODE_EXECUTION]: The skill exposes an indirect prompt injection surface. The Feature Agent is instructed to pull task descriptions from external sources such as Linear, GitHub Issues, or Jira. Because the agent operates with permissions bypassed, any malicious instructions embedded in those external tasks (e.g., in a public GitHub issue comment) would be executed by the agent without user oversight.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 06:32 AM