agency-agents-ai-specialists

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires cloning a full repository from an untrusted external source: https://github.com/msitarzewski/agency-agents.git. This source is not associated with any verified organization or well-known service.
  • [COMMAND_EXECUTION]: The installation instructions direct the user to grant execution permissions (chmod +x) and run multiple shell scripts (./scripts/convert.sh and ./scripts/install.sh) from the downloaded repository. These scripts run with the user's local privileges.
  • [REMOTE_CODE_EXECUTION]: The combination of fetching code from a remote, untrusted repository and executing it locally constitutes a remote code execution pattern. The logic within these scripts is opaque at install time and could perform any action on the host system with the user's privileges.
  • [DATA_EXFILTRATION]: The install.sh script is designed to auto-detect and modify configuration directories for multiple tools, including Claude Code (~/.claude/agents/), Cursor, Copilot, Aider, and Windsurf. This capability could be used to harvest project data or inject malicious instructions into other developer tools.
  • [PROMPT_INJECTION]: The skill downloads over 50 specialized agent files intended to be used as system prompts. This creates a significant attack surface for indirect prompt injection, as any of these files could contain instructions to override AI safety guidelines or exfiltrate data when activated.
  • [METADATA_POISONING]: The skill makes a suspicious claim of having '51,000+ stars' in its description. Such deceptive claims are often used to build false trust and encourage users to bypass security precautions during installation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 17, 2026, 08:17 PM