The Agent Skills Directory

[COMMAND_EXECUTION]: The skill facilitates the creation of terminal windows and the execution of shell commands via Node.js child processes.
Evidence: SKILL.md contains multiple examples using child_process.spawn to launch wt.exe, cmd.exe, and powershell.exe with detached process configurations.
[PROMPT_INJECTION]: The instructions explicitly describe how to bypass an environment-based safety restriction designed to prevent nested tool execution.
Evidence: SKILL.md provides guidance on unsetting the CLAUDECODE variable (set CLAUDECODE=) to allow the Claude CLI to run within a session it would otherwise refuse to enter.
[PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by accepting arbitrary command strings for execution in a shell environment.
Ingestion points: The command property in schemas/input.schema.json allows up to 256 characters of input.
Boundary markers: Absent in the provided implementation examples in SKILL.md.
Capability inventory: Full access to child_process.spawn and shell environments (cmd.exe, bash, powershell).
Sanitization: While a sanitizeWtArg function is provided for terminal titles and profiles, it is not applied to the primary command string that is executed.

windows-terminal