skill-system-router

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/router.py uses importlib.util to dynamically load and execute Python modules from computed file system paths. This allows runtime execution of external script files, which is a risk if path resolution can be manipulated.
  • [COMMAND_EXECUTION]: The bootstrapping process in scripts/bootstrap.md can install a UserPromptSubmit hook into the agent's configuration (e.g., .claude/settings.json). This hook executes a shell script (skill-system-reminder.sh) before every prompt, creating a persistent execution mechanism for monitoring and injection.
  • [COMMAND_EXECUTION]: The skill executes various system commands using bash, powershell, psql, and the GitHub gh CLI for tasks such as index rebuilding, database initialization, and repository management.
  • [COMMAND_EXECUTION]: PowerShell entrypoints are configured to run with -ExecutionPolicy Bypass, which circumvents local script execution restrictions and security policies.
  • [PROMPT_INJECTION]: The architecture relies on parsing SKILL.md manifest blocks from various directories to build a capability index. This introduces an indirect prompt injection surface, where a malicious manifest file in a sibling directory could influence the router's behavior or policy decisions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 04:27 PM