orchestrate

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands extensively via subprocesses. Most significantly, _shared/tools/dependency-utils.sh includes helper functions that install system packages with sudo apt-get install, as well as brew, apk, and yum, which requires elevated privileges.
  • [EXTERNAL_DOWNLOADS]: The files _cli/cli/dependencies.py and _shared/tools/yaml_compat.py contain logic that automatically fetches and installs Python packages from official registries when they are not detected at runtime.
  • [REMOTE_CODE_EXECUTION]: The orchestration engine in _cli/cli/orchestrator/agent_caller.py invokes the claude CLI via subprocess.run to execute tasks and dynamically processes the resulting output.
  • [DATA_EXFILTRATION]: The framework implements a comprehensive logging system via shell and Python hooks in _shared/tools/hooks/ and _scripts/hooks/. These hooks intercept all tool inputs and outputs and write them to local JSONL files, which persists to disk any secrets or private code handled during a session and creates a significant data exposure risk.
  • [PROMPT_INJECTION]: The skill's design reads project files and interpolates their contents into sub-agent prompts via _cli/cli/orchestrator/stage_runner.py. This architecture is susceptible to indirect prompt injection: malicious content in a local file could manipulate the orchestrator's decision-making logic.
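The DATA_EXFILTRATION finding above means that, on any machine where this skill ran, the hook JSONL files may contain credentials that passed through tool calls. A practitioner who wants to keep or share those logs should first check them for secrets and redact what is found. The following is an added example written for this audit, not code from the orchestrate skill: it scans JSONL hook records for common credential patterns and produces a redacted copy. The record fields (ts, tool, input, output) and the sample lines are constructed assumptions made for the example; the real hook files may use a different schema, and the pattern list is illustrative rather than exhaustive.

```python
import json
import re
from typing import Iterator

# Illustrative credential patterns (not exhaustive). Pattern order matters for
# the order in which hits are reported and redactions are applied.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\b[Bb]earer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # KEY=value or key: value where the name suggests a credential.
    "assignment_secret": re.compile(
        r"(?i)\b\w*(?:secret|token|password)\w*\s*[=:]\s*['\"]?[^\s'\"]{8,}"
    ),
}

# Constructed sample hook log. The field names are an assumption for this
# example, not the skill's real schema. The last line is deliberately malformed.
SAMPLE_JSONL = """\
{"ts": "2026-05-12T04:06:01Z", "tool": "Read", "input": {"path": "README.md"}, "output": "# orchestrate\\n"}
{"ts": "2026-05-12T04:06:02Z", "tool": "Bash", "input": {"cmd": "cat .env"}, "output": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\\nAWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\\n"}
{"ts": "2026-05-12T04:06:03Z", "tool": "Bash", "input": {"cmd": "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.abcdefghijklmnop' https://api.example.test"}, "output": "{}"}
not json at all
"""


def iter_records(text: str) -> Iterator[dict]:
    """Yield parsed JSONL records, skipping blank or malformed lines instead of aborting."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def scan_record(record: dict) -> list[tuple[str, str]]:
    """Return (field, pattern_name) for every secret pattern found in the record's
    input or output. Non-string fields are serialised so nested values are scanned too."""
    findings = []
    for field in ("input", "output"):
        blob = record.get(field)
        if blob is None:
            continue
        text = blob if isinstance(blob, str) else json.dumps(blob)
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(text):
                findings.append((field, name))
    return findings


def scan_jsonl(text: str) -> list[dict]:
    """Scan a whole hook log; return one summary dict per record that contains a secret."""
    results = []
    for record in iter_records(text):
        hits = scan_record(record)
        if hits:
            results.append({"ts": record.get("ts"), "tool": record.get("tool"), "hits": hits})
    return results


def redact(text: str) -> str:
    """Replace every matched secret in the raw log text with a labelled marker.
    Markers use ':' and '>' around the name so they do not re-trigger the patterns."""
    for name, pattern in SECRET_PATTERNS.items():
        text = pattern.sub(f"<REDACTED:{name}>", text)
    return text


if __name__ == "__main__":
    print(json.dumps(scan_jsonl(SAMPLE_JSONL), indent=2))
```

In the sample, the `cat .env` output is caught twice (the AKIA prefix and the SECRET-named assignment) and the curl command is caught by the bearer pattern, while the malformed line is skipped. Redacting the raw text and re-scanning it yields no findings, which is the property to check before a log leaves the machine.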
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 12, 2026, 04:06 AM