The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches and installs extensions and plugins from unverified external GitHub repositories (github.com/Q00/ouroboros and github.com/supercent-io/skills-template).- [COMMAND_EXECUTION]: A setup script (setup-codex-hook.sh) uses Python to modify the user's local configuration file for the Codex CLI (~/.codex/config.toml) and establishes persistent hooks that execute scripts automatically during agent sessions.- [REMOTE_CODE_EXECUTION]: Installation procedures for Claude, Codex, and Gemini platforms involve executing unverified code from remote sources via npx, claude plugin install, and gemini extensions install commands.- [DATA_EXFILTRATION]: The skill requires WebFetch permissions and implements a 'Consensus' verification phase that may involve transmitting data to external 'Frontier' models or APIs.- [PROMPT_INJECTION]: The skill exhibits an indirect injection surface by processing untrusted project requirements and specification seeds through persistent loops with access to Bash and Write tools (Ingestion: User-provided topics and YAML seeds in SKILL.md; Boundary markers: Absent; Capability inventory: Bash, Write, and WebFetch tools used in Ouroboros loops; Sanitization: No input validation found in setup or logic files).

ralph