worktree-fleet

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The launch.sh script extracts the branch field from fleet.json and interpolates it into a shell command string that is executed via bash -c in a tmux session. Since the branch name is not validated against a safe character set, a malicious configuration file could inject arbitrary commands (e.g., using backticks or semicolons).
  • [COMMAND_EXECUTION]: The status.sh script extracts cost and usage metrics from worker log files and injects them directly into python3 -c and awk command strings for calculation. If an agent's session log is manipulated to return a specially crafted string instead of a number, it can lead to arbitrary code execution when the operator runs the status command.
  • [COMMAND_EXECUTION]: The overall architecture of the skill relies on complex dynamic code generation and string interpolation across launch.sh, worker-spawn.sh, and status.sh. The transition of data from JSON files through shell variables into multiple execution environments (tmux, Python, awk) creates a high risk of injection vulnerabilities due to inconsistent sanitization.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external CLI tools such as claude, codex, pi, and tmux. While these are well-known developer tools, the skill requires them to be present in the system environment to function.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 14, 2026, 06:03 PM