swarm-skill
Fail
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to generate and execute a Node.js CLI tool ("swarm") that drives a multi-agent pipeline. It specifically configures the Claude CLI with the "--dangerously-skip-permissions" flag. That flag disables the CLI's per-action permission prompts, so file writes and shell commands run without user confirmation; every sub-agent launched this way therefore has unmediated access to the host environment, and any instruction it picks up from the project is acted on directly.
- [DATA_EXFILTRATION]: The configuration generated by the skill ("swarm.yaml") instructs a "reviewer" agent to automatically "Git commit and push everything" upon task completion. A push performed without human review can exfiltrate sensitive local data such as credentials, environment files, or private source code to a remote repository; once pushed, that data has to be treated as disclosed, since rewriting history does not reliably recall it.
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the "playwright-cli" package via npm at run time if it is not already present. The package comes from a well-known technology provider, but an install performed at run time still fetches and executes code from the npm registry at that moment, outside anything the user reviewed in the skill itself.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface: the sub-agents read and act on "SPEC.md" and the broader codebase, so instructions planted in either are processed with the full capability set listed below.
  - Ingestion points: Data is ingested from "SPEC.md" and the existing codebase files in the current working directory.
  - Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are included in the generated agent prompts to separate untrusted data from the agent's instructions.
  - Capability inventory: The system possesses broad capabilities, including file system access, shell command execution via the generated CLI, and network access via git operations.
  - Sanitization: There is no evidence of sanitization or validation of the codebase content or specifications before they are processed by the agent team.
Recommendations
- AI detected serious security threats
Audit Metadata