synapse-manager

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill provides explicit instructions to bypass security controls in sub-agents.
  • In references/auto-approve-flags.md, it directs the use of flags such as --dangerously-skip-permissions for Claude Code and --dangerously-bypass-approvals-and-sandbox for Codex CLI.
  • These instructions effectively strip away the AI's internal safety guardrails and human-approval requirements.
  • [COMMAND_EXECUTION]: The skill implements a complex multi-agent orchestration framework relying on local command execution.
  • It utilizes shell scripts like scripts/wait_ready.sh and scripts/regression_triage.sh to manage environment state and agent lifecycles.
  • The synapse CLI is used extensively to spawn, interrupt, and kill processes, providing a high degree of control over the local system.
  • [EXTERNAL_DOWNLOADS]: The skill includes documentation for bypassing standard UI interactions via API calls.
  • references/auto-approve-flags.md contains a curl example targeting http://localhost:8100/spawn to programmatically create agents with safety-bypass flags enabled.
  • [PROMPT_INJECTION]: The multi-agent architecture creates a significant surface for indirect prompt injection.
  • Ingestion points: Data enters the management context through synapse send messages, synapse memory search results, and file attachments via the --attach flag.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when one agent processes output from another.
  • Capability inventory: The manager agent possesses high-privilege capabilities including agent spawning/termination and arbitrary script execution.
  • Sanitization: There is no evidence of sanitization or validation of data passed between agents, allowing a malicious payload in a sub-task to potentially influence the manager agent's next commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 12:27 AM