shadcn-svelte

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): SKILL.md and references/cli.md instruct the agent and user to execute commands such as pnpm dlx shadcn-svelte@latest with the init and add subcommands. These commands download and execute code from a repository and author not included in the trusted whitelist, posing a high risk of remote code execution.
  • [COMMAND_EXECUTION] (HIGH): Extensive instructions for shell command execution are present throughout the skill (e.g., references/installation/manual.md, references/components/form.md). These commands modify the local file system and install various third-party packages.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The 'Custom Registry' feature (detailed in references/registry/getting-started.md) allows components to be fetched from arbitrary, potentially untrusted URLs (e.g., https://example.com/r/editor.json). This introduces a significant supply chain vulnerability.
  • [MALICIOUS_URL] (HIGH): An automated scanner detected a phishing URL Card.Co linked to SKILL.md. Although this may be a false positive arising from component naming (e.g., Card.Content), it requires verification as the domain is often associated with malicious landing pages.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted input such as component names and project configurations which are then interpolated into shell commands and file operations.
    • Ingestion points: User-provided CLI arguments and registry item definitions in components.json.
    • Boundary markers: None implemented in the provided documentation.
    • Capability inventory: File system access, network requests, and subprocess execution across 65 documentation files.
    • Sanitization: No evidence of sanitization or strict validation of external registry payloads before integration.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:31 PM