sub-agents
Audited by Socket on Feb 28, 2026
1 alert found:
Malware: This skill file documents a plausible delegation mechanism that invokes external CLI-based AI agents using a runner script and agent definition files. The design is coherent with its purpose, but it presents a meaningful supply-chain and credential-exfiltration risk: it requires elevated permissions, executes third-party CLIs determined by untrusted agent definition files or CLI overrides, and forwards local context (cwd and prompts) into those processes. There is no evidence of direct malicious code in the SKILL.md itself, but the pattern (unconstrained subprocess invocation + writable agent definitions + elevated permissions) is high-risk in practice. Recommend reviewing the contents of scripts/run_subagent.py and restricting/trust-anchoring .agents (permissions, signing or allowlist of CLIs), avoiding giving elevated permissions to unvetted CLIs, and ensuring prompts do not include secrets. Do not run in production until the runner script and invoked CLIs are audited.