The Agent Skills Directory

[DATA_EXFILTRATION]: The run-grug-loop.sh script executes the opencode tool with a --share flag. This functionality typically creates a public sharing link or tunnel to the agent's session, which provides remote access to the host's command line and repository files.
[PROMPT_INJECTION]: The agent's core function involves reviewing content (code and task specifications) provided by an external system, which represents a surface for indirect prompt injection attacks.
Ingestion points: Content is retrieved using the bd list command and directory-wide file searches.
Boundary markers: There are no instructions or delimiters provided to prevent the agent from executing instructions contained within the data it reviews.
Capability inventory: The execution environment provides the agent with full shell access via the opencode runner.
Sanitization: Input data is not validated or sanitized before being processed by the agent.
[COMMAND_EXECUTION]: The skill uses several command-line tools for its operation, including bd for task management and opencode for running the agent loop.

grug