ce-optimize

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes arbitrary shell commands defined in the optimization specification's measurement.command field. This is handled by scripts/measure.sh, which uses bash -c to run the command. This allows for unrestricted command execution within the environment whenever the optimization loop runs.
  • [DATA_EXFILTRATION]: The scripts/experiment-worktree.sh script automatically discovers and copies all .env* files from the repository root into every experiment worktree created during the optimization process. This increases the exposure of sensitive credentials and environment variables by duplicating them across multiple local directories.
  • [PROMPT_INJECTION]: The skill possesses a significant surface for indirect prompt injection. It ingests untrusted data from the repository (the code being optimized) and uses it to generate new code variants and judge results. This could allow malicious instructions embedded in the codebase to influence the agent's behavior, subvert the optimization logic, or manipulate the scoring rubric.
  • [COMMAND_EXECUTION]: The skill performs automated Git management, including branch creation and the use of git worktree. It also modifies files within the scope.mutable defined in the user's specification. This automated manipulation of the repository structure and content requires high privileges and should be monitored.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 09:21 PM