arianna-autonomous-agent
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that explicitly bypass human-in-the-loop safety protocols. It directs the agent to "run continuously for hours or days without human intervention" and states "You do NOT ask the user questions during execution. Resolve everything yourself" (SKILL.md:12, 212). This instruction overrides the standard AI assistant practice of seeking user verification for complex or impactful actions.
- [REMOTE_CODE_EXECUTION]: The orchestration loop is designed to "Verify results: After each subagent completes, run tests, linter, type checker" (SKILL.md:94). Since these commands are typically defined within the target project's own configuration files (e.g., package.json, Makefile), a malicious project could execute arbitrary code under the guise of standard verification scripts.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell capabilities to manage git worktrees, perform merges, and run external development binaries. It dispatches subagents with instructions to modify the filesystem and interact with the git repository directly (SKILL.md:89-106).
Recommendations
- AI detected serious security threats