creating-skills
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage the filesystem and version control, including `ln -sf` for creating symbolic links in configuration directories (`~/.agents/skills/` and `~/.claude/skills/`) and `git` commands for repository management. While the use of user-supplied `<skill-name>` in file paths presents a potential path traversal surface, the skill includes explicit naming rules (lowercase, numbers, and hyphens only) to mitigate this.
- [PROMPT_INJECTION]: The skill processes user-supplied content to generate new agent skills, which presents an indirect prompt injection surface. Malicious instructions in the input could be persisted in the resulting skill files.
  1. Ingestion points: User requests and content provided to be turned into skills.
  2. Boundary markers: Absent; no specific instructions to use delimiters or ignore embedded commands.
  3. Capability inventory: Directory creation, symbolic link creation, and network operations via Git.
  4. Sanitization: None; the skill creates files directly from provided content.
Audit Metadata