The Agent Skills Directory

[DYNAMIC_EXECUTION]: The skill generates an entirely new executable skill file at .claude/skills/fork-to-client/SKILL.md. This generated skill contains shell scripts that are dynamically built based on the file structure and content of the current environment.
[COMMAND_EXECUTION]: The generated 'fork-to-client' skill executes complex shell commands via Bash, including gh repo create, git push, and rsync. It also uses sed to perform bulk string replacements, which could be exploited for command injection if the project's file names or content contain shell-sensitive characters.
[CREDENTIALS_UNSAFE]: The skill is specifically designed to scan for and read highly sensitive files, including .env, .mcp.json, .credentials.enc, credentials.json, and various private key formats (*.pem, *.key). While intended for exclusion, the logic relies on the model's ability to identify and redact values accurately from these files.
[PROMPT_INJECTION]: The skill has a large surface for indirect prompt injection. It is instructed to 'Analyze the current agent' by reading files like CLAUDE.md, README.md, and any files discovered via Glob or Grep. Maliciously crafted content within these files could influence the model to include sensitive data in the fork or alter the generated shell scripts.
[DATA_EXFILTRATION]: The primary function is to copy local environment files and transmit them to a new external GitHub repository. There is an inherent risk that secrets, internal documentation, or proprietary code could be exfiltrated if the automated exclusion logic fails or is subverted.

create-fork-skill