iterative-fleet

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/launch.sh script dynamically generates the orchestrator.sh script at runtime using an unquoted heredoc (<<ORCH_EOF). This allows variables extracted from the user-controlled fleet.json file (such as fleet_name) to be expanded during generation, which can lead to shell command injection when the orchestrator is executed.
  • [COMMAND_EXECUTION]: The lib/worker-spawn.sh script constructs shell commands by concatenating strings with configuration variables (e.g., worker_id, session_name, cwd). These variables are wrapped in single quotes, but a value that itself contains a single quote can still break out of the quoting, leading to arbitrary command execution when the string is passed to bash -c or tmux.
  • [COMMAND_EXECUTION]: The scripts/kill.sh script uses pgrep -f with the FLEET_ROOT path to identify and terminate processes. If the root path is manipulated or overly broad, this could inadvertently target unrelated system processes.
  • [PROMPT_INJECTION]: The skill configures spawned Claude workers using the --dangerously-skip-permissions flag. This bypasses standard user confirmation prompts for tool execution, allowing the automated workers to perform file and system operations without manual oversight.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 11:08 AM