ralph-loop

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating file contents using subshells (e.g., $(cat PROMPT.md)). This pattern is susceptible to command injection if the source files are manipulated to include shell metacharacters or malicious commands.
  • [COMMAND_EXECUTION]: Instructions within the skill promote the use of auto-approval flags that intentionally disable security prompts, such as Codex's --yolo flag and Claude Code's --dangerously-skip-permissions. These settings remove essential guardrails and allow autonomous agents to perform potentially destructive actions without user oversight.
  • [REMOTE_CODE_EXECUTION]: The skill's core function is the invocation of autonomous coding agents which fetch instructions from remote AI providers and execute them locally. This creates a chain of execution where the security of the local environment depends entirely on the outputs of external models.
  • [COMMAND_EXECUTION]: The skill leverages the exec and process tools with full TTY support (pty: true) to manage interactive CLI sessions. While necessary for the stated purpose, this provides a highly capable execution environment that an orchestrated agent could abuse if its objectives are misaligned or compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 03:11 PM