synapse-manager
Fail
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides explicit instructions and reference materials (e.g., 'references/auto-approve-flags.md') to bypass security guardrails and permission prompts for various AI CLIs. It documents the use of high-risk flags such as '--dangerously-skip-permissions' for Claude Code, '--yolo' for Gemini and Copilot, and '--full-auto' for Codex. Furthermore, the skill states that the 'synapse' tool automatically injects these flags when spawning agents, effectively removing human oversight from sensitive tool executions and file system operations.
- [PROMPT_INJECTION]: The management workflow creates an indirect prompt injection surface where a manager agent processes untrusted data from worker agents without adequate sanitization or boundary markers.
- Ingestion points: Untrusted data enters the agent context via 'synapse history list' and the results of 'synapse send' commands as described in 'SKILL.md' and 'references/worker-guide.md'.
- Boundary markers: Absent. No delimiters or instructions are provided to the manager agent to treat sub-agent outputs as untrusted content.
- Capability inventory: The skill facilitates agent spawning, task delegation, and execution of shell scripts ('scripts/wait_ready.sh', 'scripts/check_team_status.sh', 'scripts/regression_triage.sh').
- Sanitization: Absent. There is no evidence of filtering or validation of agent-provided content before it is re-interpolated into management prompts or used to drive workflow decisions.
- [COMMAND_EXECUTION]: The skill executes local shell scripts that interact with the host system. For example, 'scripts/regression_triage.sh' executes 'pytest' on the current working directory while performing 'git stash' operations. If the test paths or arguments are influenced by an agent processing malicious external input, this could lead to unintended command execution.
Recommendations
- AI detected serious security threats
Audit Metadata