skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/init_skill.py performs direct file system operations: it creates directories, writes files, and sets the executable bit on generated scripts with chmod 755. These operations are expected for a scaffolding tool, but they are a host-level modification capability, and their safety depends entirely on where the target path points.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface through the user-supplied skill names and directory paths it ingests. Because those values flow into path construction and file writes without being checked, a crafted name (for example one containing path separators or ".." segments) could cause files to be created or overwritten outside the intended skill directory, or could carry instructions that influence the agent's subsequent actions.
  • Ingestion points: Command-line arguments to scripts/init_skill.py and scripts/package_skill.py ingest skill identifiers and file system paths.
  • Boundary markers: The skill instructions describe a workspace structure, but the scripts do not enforce directory isolation between the tool's workspace and the rest of the file system; the documented layout is a convention, not a control.
  • Capability inventory: The tool can create directories, write arbitrary Markdown and Python to disk, and modify file permissions.
  • Sanitization: scripts/quick_validate.py validates skill names with the regex ^[a-z0-9-]+$, but scripts/init_skill.py does not validate the name before creating directories and writing files. It relies on the documented instructions and on the agent behaving as instructed, which is not a security boundary.
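The gap the audit points at is that the regex check lives in quick_validate.py while the script that actually touches the file system does not apply it. The following is an added example of what a hardened scaffolder would do, written for this page and not taken from the skill-creator project: apply the ^[a-z0-9-]+$ pattern quoted in the audit before any file operation, and additionally resolve the target directory and refuse it if it lands outside the workspace root. The function names (validate_skill_name, resolve_skill_dir, init_skill, demo) and the SKILL.md and scripts/run.py layout are assumptions for illustration, not the project's real layout.

```python
"""Hardened skill scaffolding: validate the name, then confine the path.

Added example for this audit page; not code from the skill-creator project.
"""
import re
import tempfile
from pathlib import Path

# Pattern the audit attributes to scripts/quick_validate.py.
SKILL_NAME_RE = re.compile(r"^[a-z0-9-]+$")


def validate_skill_name(name: str) -> str:
    """Reject anything that is not lowercase letters, digits or hyphens.

    This rules out path separators, '..', whitespace and non-ASCII before
    the value reaches any file system call.
    """
    if not SKILL_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid skill name: {name!r}")
    return name


def resolve_skill_dir(workspace: Path, name: str) -> Path:
    """Return workspace/name, refusing anything that resolves outside workspace.

    resolve() follows symlinks, so a pre-existing symlink inside the workspace
    that points elsewhere is refused too; the regex alone cannot catch that.
    """
    root = Path(workspace).resolve()
    target = (root / validate_skill_name(name)).resolve()
    if target == root or root not in target.parents:
        raise ValueError(f"skill dir {target} escapes workspace {root}")
    return target


def init_skill(workspace: Path, name: str) -> Path:
    """Create the skill directory, a SKILL.md stub and an executable script.

    Hypothetical scaffolder mirroring the operations the audit lists
    (mkdir, file writes, chmod 755); it is not the project's init_skill.py.
    """
    target = resolve_skill_dir(workspace, name)
    target.mkdir(parents=True, exist_ok=False)
    (target / "SKILL.md").write_text(f"---\nname: {name}\n---\n")
    scripts = target / "scripts"
    scripts.mkdir()
    runner = scripts / "run.py"
    runner.write_text(f"#!/usr/bin/env python3\nprint('hello from {name}')\n")
    runner.chmod(0o755)  # executable bit, only after the path has been confined
    return target


def demo() -> dict:
    """Run the scaffolder against constructed inputs in a temporary workspace.

    Returns {input_name: "created" | exception class name}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "workspace"
        ws.mkdir()
        outside = Path(tmp) / "outside"
        outside.mkdir()
        # Constructed edge case: a symlink inside the workspace whose name
        # passes the regex but whose resolved location is outside it.
        (ws / "linked").symlink_to(outside, target_is_directory=True)
        for name in ["my-skill", "../escape", "My_Skill", "linked"]:
            try:
                init_skill(ws, name)
                results[name] = "created"
            except (ValueError, FileExistsError) as exc:
                results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    print(demo())
```

Two points worth keeping in mind when applying this to the real scripts: the audit's regex permits names consisting only of hyphens or with leading and trailing hyphens, so a stricter pattern may be wanted, and the containment check must run against the resolved path, not the string the user typed, or a symlink planted in the workspace turns a valid-looking name into a write elsewhere.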
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 02:14 PM