autoresearch-agent

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/autoresearch invokes the claude CLI using the --dangerously-skip-permissions flag. This flag is designed to suppress all user confirmation prompts for high-risk actions, including shell command execution, file modifications, and network requests.
  • [COMMAND_EXECUTION]: The skill translates user-supplied subcommands and flags into a prompt for the sub-agent. Parameters such as --guard <cmd> (used in the fix subcommand) allow for the execution of arbitrary shell commands. Because permissions are skipped, these commands will run automatically without the user's knowledge or approval.
  • [DATA_EXFILTRATION]: By bypassing the security gates of the Claude CLI, the skill enables potential data exfiltration. A malicious prompt or a sub-task could use standard tools like curl or wget to transmit environment variables, credentials, or source code to external servers.
  • [COMMAND_EXECUTION]: The environment variable CLAUDE_EXTRA_ARGS is appended to the command array without quoting (e.g., CMD+=($CLAUDE_EXTRA_ARGS)). This allows for flag injection into the claude process, which could be used to manipulate the sub-agent's behavior if the environment is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 02:04 AM