Tenacity — Never Give Up

The 'tenacity' skill is designed to bypass human-in-the-loop (HITL) confirmations, granting the agent broad autonomous authority to execute commands, modify files, and send messages without intervention. This significantly increases the impact of potential prompt injection attacks. The 'scripts/checkpoint.sh' script is vulnerable to path traversal via the milestone ID, and 'SKILL.md' includes a hardcoded Telegram ID (834732674) for notifications, which could serve as a pre-configured exfiltration or control channel.