bot-process-control

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill includes 'Self-Evolving Skill' and 'Post-Execution Reflection' sections that direct the agent to autonomously modify the SKILL.md file based on runtime experiences. These instructions encourage the agent to bypass standard behavioral constraints by rewriting its own instruction set.
  • [COMMAND_EXECUTION]: The skill provides commands for system-level process management and persistence, specifically using launchctl to load and unload daemon configurations. It also includes commands for process termination (pkill), file deletion (rm), and environment modification (source).
  • [DATA_EXFILTRATION]: The skill instructions involve access to sensitive credential paths, specifically ~/.claude/tools/gmail-tokens/, which stores OAuth access and refresh tokens. While these are necessary for the bot's operation, the exposure of these tokens to the agent environment is documented as a risk factor.
  • [EXTERNAL_DOWNLOADS]: The skill references external executable components not included in the repository, such as a compiled Swift binary (gmail-oauth-token-hourly-refresher) and a CLI tool (gmail-cli/gmail) located in the author's local directories.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 9, 2026, 09:45 AM