gm-execute

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for arbitrary code execution across numerous environments including Node.js, Bash, Python, Go, Rust, and Java using a custom exec:<lang> wrapper. It explicitly mandates that 'witnessed output' from these executions be treated as ground truth for state resolution.
  • [COMMAND_EXECUTION]: Includes instructions for destructive file system operations, specifically commanding the agent to 'Delete on discovery' any files matching .test.js or .spec.js, which may lead to unintended data loss in the user's codebase.
  • [PROMPT_INJECTION]: Instructs the agent to bypass standard interaction protocols by explicitly stating 'Never respond to the user from this phase' and 'Never... pause for input', creating a high-autonomy environment with no human oversight.
  • [DATA_EXFILTRATION]: Provides the agent with capabilities to interact with external environments through the agent-browser skill for DOM manipulation and git for repository operations, which could be leveraged for data movement.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from the local codebase and external browser content while possessing high-privilege execution capabilities.
      • Ingestion points: Processes codebase content via exec:codesearch and browser DOM/state via agent-browser.
      • Boundary markers: No delimiters or safety instructions are provided to distinguish between the skill's logic and the data it processes.
      • Capability inventory: Possesses full shell access, multi-language code execution, file system read/write/delete permissions, and network access via browser tools.
      • Sanitization: No sanitization, validation, or escaping of the ingested code or content is specified before it is executed or resolved into state.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 29, 2026, 07:09 PM