aviz-skills-installer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill is designed to clone content from https://github.com/aviz85/claude-skills-library.git. This repository and organization are not part of the defined Trusted GitHub Organizations, making the source untrusted for automated code execution.
  • REMOTE_CODE_EXECUTION (HIGH): The primary function of scripts/install-skill.sh and the instructions in SKILL.md is to download external code and immediately run npm install. This facilitates the execution of unvetted third-party scripts and dependencies within the user's environment.
  • COMMAND_EXECUTION (MEDIUM): The skill performs several potentially dangerous shell operations including git clone, mkdir -p, cp -r, and npm install. These commands are used to modify the local filesystem and prepare new executable logic for the agent.
  • PERSISTENCE (MEDIUM): By installing new skills into ~/.claude/skills/, the installer creates a mechanism where downloaded code persists across all future agent sessions. If a downloaded skill is malicious, it gains permanent residency in the agent's logic path.
  • INDIRECT PROMPT INJECTION (LOW): The skill fetches real-time data from https://aviz.github.io/claude-skills-library/ to determine which skills to install. This is a vulnerability surface where a compromised website could provide malicious installation instructions to the agent.
      • Ingestion points: WebFetch of aviz.github.io in SKILL.md Step 2.
      • Boundary markers: Absent; the agent is instructed to use the fetched data to guide the installation flow.
      • Capability inventory: Full filesystem access (write), network access (git), and command execution (npm).
      • Sanitization: None detected; the agent processes the fetched skill names and URLs directly into shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:38 PM