vibing-with-ntm

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/convergence-check.sh uses the . (source) command to load a state file located in the /tmp directory. The path to this file is constructed using a sanitized version of the session name provided by the user. Sourcing files from a shared directory like /tmp is a security risk as it may allow for the execution of arbitrary shell code if an attacker is able to write to the state file.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines an orchestration workflow that ingests data from external and untrusted sources, including terminal scrollback via tmux capture-pane, git commit logs, and tool outputs. This data is interpolated into prompts for other agents. The provided templates do not consistently use boundary markers or instructions to ignore embedded commands within the processed data, creating a vulnerability where malicious content in a git commit or terminal output could influence agent behavior.
  • [PROMPT_INJECTION]: The skill includes several prompt templates in references/PROMPTS.md that are designed to override existing agent behavior or constraints, such as the 'Ship-or-Surface' prompt which instructs agents to stop writing prose and strictly follow new execution rules.
  • [PERSISTENCE]: The documentation in references/CRON-AND-AUTOMATION.md provides instructions and examples for setting up persistence using system cron and crontab to maintain long-running monitoring and orchestration tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 20, 2026, 08:28 AM