autonomous-loop

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The run_loop.sh script implements an autonomous loop that can be configured with the --dangerously-skip flag. This flag passes --dangerously-skip-permissions to the underlying agent, bypassing the critical security requirement for human confirmation of file writes and shell commands.
  • [COMMAND_EXECUTION] (MEDIUM): The safety hooks in assets/templates/hooks.json use a basic regex-based blocklist (grep -qE '(rm -rf /|sudo rm|chmod -R 777)') to block dangerous commands. This provides a false sense of security, as it is easily bypassed by alternative shell syntax (e.g., sudo -u root, chmod 775, or path obfuscation).
  • [EXTERNAL_DOWNLOADS] (LOW): The references/mcp-patterns.md template recommends downloading and executing various Model Context Protocol (MCP) servers using npx -y @anthropic/mcp-server-*. Although the @anthropic organization is a trusted source, this pattern involves executing remote code at runtime.
  • [PROMPT_INJECTION] (LOW): The assets/templates/CLAUDE.md file contains strong instructional framing ('YOU MUST', 'IMPORTANT') to enforce autonomous behavior. While intended for coordination, such rigid framing can be leveraged by indirect prompt injections found in external project files (e.g., feature_list.json or git logs) to steer the agent's behavior.
  • [COMMAND_EXECUTION] (LOW): The assets/templates/validate_completion.py script executes shell commands (npm test, git status) to verify state. While these are localized to the project directory, they are triggered automatically by the agent's 'Stop' event without user oversight.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 02:58 AM