The Agent Skills Directory

EXTERNAL_DOWNLOADS (LOW): The skill automates the installation of numerous global CLI tools (Vercel, Supabase, Stripe, AWS, etc.) and Node.js packages via npm and npx. While these target well-known services from trusted organizations (Anthropic, Vercel, Supabase, etc.), it involves executing installation scripts from external registries.\n- COMMAND_EXECUTION (LOW): Extensive use of the Bash tool to perform environment checks, install packages, and authenticate CLIs. This is the core functionality of the skill and is required for its intended purpose.\n- REMOTE_CODE_EXECUTION (LOW): The skill supports installing third-party Claude Code skills via 'npx skills add owner/repo'. This pattern allows for the dynamic acquisition and execution of arbitrary skill code from GitHub repositories.\n- DYNAMIC_EXECUTION (LOW): The skill configures 'PostToolUse' hooks in .claude/settings.json which automatically execute shell commands (e.g., linting, type-checking) after file modifications. This is a standard but powerful persistence and execution mechanism within the Claude Code ecosystem.\n- DATA_EXPOSURE (SAFE): The skill scans .env files to detect active services but specifically limits extraction to variable names (e.g., SUPABASE_URL) rather than values, preventing accidental credential exposure.\n- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from package.json, .env names, and directory structures. Evidence Chain:\n 1. Ingestion points: package.json, .env, .mcp.json, directory listings.\n 2. Boundary markers: Absent during file reads.\n 3. Capability inventory: Bash, Write, Edit, Glob, Grep in SKILL.md.\n 4. Sanitization: Not explicitly implemented for file contents used in command construction.

setup-claude