The Agent Skills Directory

[DATA_EXPOSURE]: The skill reads and modifies ~/.claude/settings.json to update the spinnerVerbs field. This file contains agent configuration and potentially sensitive information. The instructions limit the modification to a single UI-specific field.\n- [INDIRECT_PROMPT_INJECTION]: The skill fetches data from an external source (GitHub) and writes it to a local configuration file. This pattern represents a theoretical attack surface where malicious content in the remote repository could influence the agent, though the risk is minimized by the use of vendor-controlled resources and the specific nature of the data (UI strings).

install-spinner