skills/rysweet/amplihack/multitask/Gen Agent Trust Hub

multitask

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestrator uses the subprocess module to manage git, the GitHub CLI (gh), and child processes.
    • Evidence: orchestrator.py invokes subprocess.run for cloning and issue management, and subprocess.Popen for starting workstreams.
    • Mitigation: Inputs are sanitized using shlex.quote for shell scripts and json.dumps for Python strings. Issue IDs are validated as integers.
  • [EXTERNAL_DOWNLOADS]: The skill downloads code from remote repositories to facilitate task execution.
    • Evidence: orchestrator.py clones the current repository's origin remote into shallow copies within /tmp. This is a well-known service (GitHub) and is essential to the skill's function.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically generates and runs execution scripts within temporary clones.
    • Evidence: orchestrator.py writes launcher.py and run.sh to the filesystem and executes them to initialize agent workstreams. The generated code is template-based and sanitized.
  • [DATA_EXFILTRATION]: Project metadata is synchronized with GitHub APIs using official tooling.
    • Evidence: orchestrator.py uses gh issue create and gh pr list to track development progress. No sensitive local data is sent to external domains.
  • [PROMPT_INJECTION]: The skill ingests external task descriptions, creating a surface for indirect prompt injection.
    • Ingestion points: workstreams.json and task lists in SKILL.md.
    • Boundary markers: Absent; task text is passed as context to the recipe runner or agent session.
    • Capability inventory: Git operations, GitHub CLI interactions, and subprocess management in orchestrator.py.
    • Sanitization: Content is escaped for shell and Python execution, but natural language instructions are not filtered or wrapped in delimiters.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 12:46 PM