create-beads-orchestration

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH; EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (HIGH): The skill clones a repository from https://github.com/AvivK5498/Claude-Code-Beads-Orchestration and immediately executes a Python script (bootstrap.py) contained within it. This source is not within the trusted repository scope, posing a risk of arbitrary code execution.
  • [External Downloads] (HIGH): The skill downloads code in Step 2 (git clone) and 'specialist agents' in Step 4 from external sources without integrity verification or version pinning.
  • [Command Execution] (HIGH): The bootstrap script is designed to install software using system package managers (brew, npm, go) and modify core configuration files such as .claude/settings.json.
  • [Indirect Prompt Injection] (HIGH): The discovery agent in Step 4 processes data from untrusted project files to generate and write new agent definitions to .claude/agents/.
      1. Ingestion points: Project files (package.json, requirements.txt, Dockerfile) and an 'external directory' of specialist agents.
      2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the processed data.
      3. Capability inventory: The skill can write files to the .claude/agents/ and .claude/hooks/ directories and execute shell commands via Python.
      4. Sanitization: Absent; the skill does not specify any validation or filtering of the content ingested from the project files before using it to define agent behaviors.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:27 AM