consolidate
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to spawn nested instances of the agent via the claude CLI. It explicitly instructs the use of the --dangerously-skip-permissions flag, which intentionally bypasses security prompts and user confirmation within the sub-processes.
- [REMOTE_CODE_EXECUTION]: The worker handoff logic in references/worker-handoff.md constructs shell commands using string interpolation for variables like source_path and source_id. This pattern creates a risk of command injection if source file paths or identifiers contain shell metacharacters.
- [PROMPT_INJECTION]: The skill possesses a high surface area for Indirect Prompt Injection because its core purpose is processing untrusted source materials such as articles and web content.
  - Ingestion points: Source documents are ingested via arbitrary file paths, glob patterns, and inline content as defined in Phase 0.
  - Boundary markers: The prompts provided in the reference files for processing these sources do not utilize robust delimiters or specific instructions to ignore embedded instructions within the source text.
  - Capability inventory: The skill has access to Bash execution, file system reads, and the ability to spawn additional processes.
  - Sanitization: There is no explicit sanitization or validation of source content before it is processed by the agent workers.
Audit Metadata