unified-execute-with-file
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash commands retrieved from the 'convergence.verification' field of external JSON task files, enabling arbitrary command execution on the host system.
  - Evidence: SKILL.md Phase 3, Step 3.2 uses 'Bash(verification)' to run the command specified in the JSON.
- [REMOTE_CODE_EXECUTION]: The execution logic permits network-enabled tools like 'curl' to be executed if present in the task data, facilitating potential remote script execution.
  - Evidence: The 'isExecutableCommand' helper function explicitly includes 'curl' in its whitelist.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted task data and uses it to guide the agent's editing and writing behavior without sanitization or boundary markers.
  - Ingestion points: .task/*.json files processed in Phase 1.
  - Boundary markers: Absent; task descriptions and criteria are interpolated directly into the execution loop.
  - Capability inventory: Bash, Read, Write, Edit, Grep, Glob, AskUserQuestion.
  - Sanitization: Absent for descriptive fields; verification commands receive only minimal regex-based validation.
Audit Metadata