wf0-remote

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes tmux to manage background execution environments (e.g., wf-remote-<work-id> and wf-auto) that autonomously perform workflow tasks.
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection, particularly within its autonomous 'auto' and 'revision' workflows.
      • Ingestion points: Content is retrieved from external sources including GitHub Issue descriptions, Issue comments, and Pull Request review comments via the gh CLI.
      • Boundary markers: There are no specific delimiters or instructions defined to prevent the agent from following directives embedded within the ingested external text.
      • Capability inventory: The skill possesses the ability to execute local command chains (e.g., /wf1-kickoff, /wf0-nextstep), perform git operations (branching, pushing), and manage persistent background processes.
      • Sanitization: While the skill implements a collaborator permission check (restricting triggers to admin, write, or maintain roles), it does not perform sanitization or filtering of the actual content within those comments before incorporating it into the workflow logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 11:35 PM