ralph

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses sensitive configuration files located at ~/.config/claude-omc/config.jsonc. Reading from the user's home configuration directory is a high-privilege action that can expose environmental secrets or credentials if improperly handled.
  • [COMMAND_EXECUTION]: Instructs the agent to execute a wide array of system commands, including background builds, package installations (npm install, pip install, cargo build), and container management (docker build). It also invokes a custom CLI command (omc ask codex) to perform code reviews.
  • [EXTERNAL_DOWNLOADS]: Prompts the agent to install third-party dependencies from external registries at runtime, which can lead to the execution of unverified or malicious code within the user's environment.
  • [PROMPT_INJECTION]: Contains logic to explicitly ignore or 'sanitize' specific user-provided prompt arguments (specifically --no-prd), which allows the skill to override user-defined execution constraints.
  • [PROMPT_INJECTION]: The skill functions as an Indirect Prompt Injection surface by processing external task data.
      • Ingestion points: Reads from the project files prd.json and progress.txt, and from data returned by the companyContext.tool MCP interface.
      • Boundary markers: Includes a directive to treat tool output as 'quoted advisory context', but lacks clear delimiters or warnings for instructions embedded within prd.json or the project source code.
      • Capability inventory: High capability to execute shell commands, perform file system writes, and delegate tasks to sub-agents (Opus/Sonnet tiers).
      • Sanitization: No explicit sanitization or validation of the content of the prd.json state file is described.
  • [DATA_EXFILTRATION]: Forwards task summaries and project metadata to a remote companyContext.tool if configured in the user's local settings, representing a potential data leakage path for project-specific information.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 01:08 PM