work-session
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of system commands for environment setup, git operations, and package management. It initiates a background Python HTTP server on port 3333 to serve the '.claude' directory, which contains session metadata and task databases, potentially exposing this data to the local network without authentication.
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection where untrusted data is passed to subagents. Ingestion points: Task details (title, description, acceptance criteria) are retrieved from the 'ohno' MCP service. Boundary markers: The skill uses markdown headers in subagent templates but lacks explicit instructions to disregard embedded commands in the injected data. Capability inventory: Subagents (implementers, fixers) are granted broad file system and command execution permissions. Sanitization: No evidence of input sanitization for task data before interpolation into prompts.
- [EXTERNAL_DOWNLOADS]: The skill executes the vendor-owned '@stevestomp/ohno-cli' package from the NPM registry via 'npx'.
- [COMMAND_EXECUTION]: Documentation for the 'unattended' operating mode suggests running the AI agent with the '--dangerously-skip-permissions' flag, which bypasses security guardrails and allows for fully automated command execution without human approval.