skills/rpamis/comet/comet-tweak/Gen Agent Trust Hub

comet-tweak

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill mandates a high degree of autonomy, instructing the agent in the 'Continuous Execution Mode' section to 'automatically advance through tweak steps, without pausing to wait for user input mid-way.' This instruction specifically targets the bypass of human-in-the-loop safety protocols during file modification and command execution. Additionally, the skill creates a surface for indirect prompt injection by ingesting untrusted task descriptions from 'tasks.md' (Ingestion Point) without boundary markers (Boundary Markers: Absent) and executing them via file writes and shell commands (Capability Inventory: mvn/npm/git execution) without sanitization (Sanitization: Absent).
  • [REMOTE_CODE_EXECUTION]: The skill uses a dynamic discovery pattern to locate and source a shell script ('comet-env.sh') by searching across multiple directories including '$HOME', '.config', and '.gemini'. Sourcing code from a dynamically computed path is a security risk as it allows for the execution of arbitrary commands if a malicious file is placed in any of the searched locations.
  • [COMMAND_EXECUTION]: The skill performs significant shell operations, including the execution of project-level tools like 'mvn spotless:apply' and 'npm run format', as well as internal framework scripts via variables like '$COMET_BASH', '$COMET_STATE', and '$COMET_GUARD'. These commands are executed based on the state of the local environment and tasks defined in external files.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 14, 2026, 08:04 AM