skills/ggprompts/tabzchrome/terminals/Gen Agent Trust Hub

terminals

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands on the host system through a local REST API (http://localhost:8129/api/spawn) using the command parameter as documented in SKILL.md and references/spawn-api.md.
  • [CREDENTIALS_UNSAFE]: Instructions in SKILL.md and references/spawn-api.md recommend retrieving an authentication token from /tmp/tabz-auth-token. On many operating systems, the /tmp directory is world-readable, which can lead to the exposure of the authentication token to other users or processes on the same machine.
  • [PROMPT_INJECTION]: The references/worker-prompts.md file includes a 'Soften Aggressive Language' section that provides techniques to modify instructions (e.g., replacing 'CRITICAL' or 'MUST' with softer phrasing) specifically to avoid triggering model-internal guardrails or instruction filters.
  • [DATA_EXPOSURE]: The orchestrator pattern described in references/worker-prompts.md defines an attack surface for indirect prompt injection where untrusted data from issue descriptions or file contents could influence the behavior of spawned subagents ('workers') that have shell access.
      • Ingestion points: Worker prompts generated in references/worker-prompts.md.
      • Boundary markers: Absent; templates do not include delimiters or instructions to ignore embedded commands.
      • Capability inventory: Shell access in spawned terminals, session management via tmux, and local API control (documented in SKILL.md and references/spawn-api.md).
      • Sanitization: Absent; prompt content is interpolated directly into terminal command strings or tmux inputs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 02:15 AM