The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides commands such as sp tab new and sp pane split that allow for the execution of arbitrary shell scripts using the --script flag or trailing arguments after --. Additionally, sp agent install-hook modifies system-level configuration files (e.g., ~/.claude/settings.json and ~/.codex/hooks.json), altering the behavior of other applications.
[DATA_EXFILTRATION]: The sp pane capture command enables the agent to read visible output and scrollback history from any terminal pane. This presents a risk of exposing sensitive information such as credentials, private keys, or confidential data previously displayed in the terminal session.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ability to ingest untrusted data from the terminal environment. Ingestion points: sp pane capture (references/pane.md) reads terminal contents, and sp agent receive-agent-hook (references/agent.md) processes external event data from stdin. Boundary markers: No specific delimiters or warnings are used to distinguish between data and instructions. Capability inventory: The skill can execute shell scripts via sp tab new, send input to panes with sp pane send, and modify other agent configurations using sp agent install-hook. Sanitization: There is no evidence of sanitization or validation of the ingested terminal output or hook payloads before they are processed.

supaterm