use-other-model
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill's primary execution pattern (Method B) instructs the agent to capture the user's 'ANTHROPIC_AUTH_TOKEN' and write it into a temporary bash script ('execute-task.sh'). Storing plaintext API keys in script files on the local filesystem is a high-risk practice that exposes credentials to other processes or accidental logging.
- [PROMPT_INJECTION]: The skill contains explicit instructions to override the platform's security mechanisms. Specifically, it directs the agent to 'unset CLAUDECODE' to bypass the environmental check that prevents recursive or nested AI sessions, which is a core safety boundary of the execution environment.
- [COMMAND_EXECUTION]: The skill recommends and provides templates for executing the agent CLI with the '--dangerously-skip-permissions' flag. This flag suppresses all human-in-the-loop confirmation prompts for file system and network operations, significantly increasing the risk of autonomous malicious activity in the sub-session.
- [DATA_EXFILTRATION]: By design, the skill reads sensitive API credentials provided by the user and writes them to disk for consumption by a background shell process. This creates a data flow where sensitive tokens are moved from the protected agent context into the broader file system environment.
- [PROMPT_INJECTION]: The skill implements an indirect injection attack surface. It relies on reading and executing instructions from external files like 'task-plan.md' and 'execution-log.md' without implementing boundary markers or sanitization, potentially allowing malicious instructions in those files to influence the agent's behavior during the task execution phase.
Recommendations
- AI detected serious security threats
Audit Metadata