run-status-monitor

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_status_probe.py executes shell commands using subprocess.run(shell=True). The commands are sourced directly from a configuration file (runs.yaml), specifically via the status_command and logs_command fields in the command backend. If this configuration file is modified by an attacker (e.g., via a Pull Request in a repository the agent is working on), it allows for arbitrary shell command execution within the agent's environment.
  • [REMOTE_CODE_EXECUTION]: The script supports remote execution via SSH in its slurm and runai backends. While it employs shlex.quote for argument sanitization, the ability to trigger remote commands based on workspace configuration is a high-privilege capability that requires careful oversight when dealing with untrusted codebases.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading raw log files and external command outputs to generate a 'status artifact' for the main agent. Evidence: scripts/run_status_probe.py reads untrusted data (logs/command output), lacks boundary markers to delimit this data, and uses capabilities such as shell execution and file writing. There is no sanitization to prevent instructions embedded in logs from being treated as authoritative by the agent when it reads the generated artifact.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 11, 2026, 03:23 PM