The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run across several scripts (discover_and_spawn.py, pm_monitor.py) to execute shell commands. These calls are directed at the herdr binary and other local utilities to manage terminal panes and agent processes.
[COMMAND_EXECUTION]: To enable necessary communication between the conductor and managed agents (e.g., via sockets and file sharing), the skill explicitly configures backends with reduced sandboxing, using flags such as --dangerously-skip-permissions for Claude and -s danger-full-access for Codex.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it reads and processes unvetted terminal output from other agents.
Ingestion points: Untrusted data enters the agent context via herdr pane read calls in scripts/pm_monitor.py and scripts/discover_and_spawn.py.
Boundary markers: The skill uses specific prompt templates for its 'decision sub-agent' in references/monitor-mode.md to scope task evaluation, though it does not use explicit data delimiters for the ingested text.
Capability inventory: The skill possesses significant capabilities including subprocess execution, file-writing in ~/.local/state/, and the ability to spawn or close agent panes.
Sanitization: There is no explicit sanitization or filtering of the terminal scrollback data before it is processed by the orchestrator.
[SAFE]: The skill implements robust local state management and 'Power World' structures within the user's home directory and project folders, adhering to standard practices for terminal-based development tools.
[SAFE]: The 'Monitor Mode' for autonomous fleet management is a user-initiated feature with clear documentation regarding its behavior, duration, and safety 'brakes' (such as the PAUSE file mechanism).

herdr-pm-init