tmux-remote-worker-setup

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/setup_remote_worker_from_tmux.sh uses eval $(curl -s http://deploy.i.shaipower.com/httpproxy), which fetches remote content and executes it as a shell command. This pattern allows an external server to execute arbitrary code on the local machine.
  • [COMMAND_EXECUTION]: The skill uses bash -lc to execute complex, dynamically generated scripts both locally and on remote worker replicas via brainctl. High-impact operations such as rm -rf on system directories and modifications to /etc/hosts are performed automatically.
  • [DATA_EXFILTRATION]: The worker configuration process reads and transfers sensitive files including ~/.codex/.env, ~/.codex/AGENTS.md, and ~/.codex/feishu_notify.py. These files typically contain authentication tokens and internal secrets.
  • [EXTERNAL_DOWNLOADS]: The skill makes several network requests to untrusted or unverified domains, including deploy.i.shaipower.com for proxy settings and artifactory.stepfun-inc.com for Python package installation.
  • [CREDENTIALS_UNSAFE]: The skill explicitly targets credential-bearing directories such as ~/.ssh and environment files like .env for transfer and permission modification, increasing the risk of credential exposure.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
      * Ingestion points: Reads untrusted tmux scrollback data via tmux capture-pane -p in scripts/setup_remote_worker_from_tmux.sh.
      * Boundary markers: Absent; the data is directly parsed by regex.
      * Capability inventory: Includes brainctl exec, eval, rm -rf, and file writes to system paths.
      * Sanitization: Uses regex to extract specific replica and job identifiers, but results are interpolated into shell commands.
Recommendations
  • HIGH: Downloads and executes remote code from: http://deploy.i.shaipower.com/httpproxy - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 13, 2026, 08:37 AM