statusline-setup
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill encourages the installation and execution of the third-party tools ccstatusline and ccusage via bunx or npx. These tools are fetched from the npm registry and originate from unverified community sources (sirmalloc and ryoppippi). The use of the @latest version tag increases risk by dynamically fetching and executing the most recent code version without integrity verification or pinning.
- [COMMAND_EXECUTION]: The skill provides scripts and instructions to modify the agent's environment to execute shell commands and scripts (e.g., ~/.claude/statusline.sh) every time the status line updates. This mechanism allows for frequent, automated code execution at runtime.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Example scripts, such as examples/peacock-statusline.sh, are designed to read the session transcript file located at transcript_path. This file contains the full history of the user's interaction with the agent, which is considered sensitive session data. While intended for displaying metrics, accessing this file constitutes an exposure risk.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data such as project directories and git branch names to display them in the status line. This ingestion of untrusted environment data creates a potential surface for indirect injection if the data is not strictly sanitized before being rendered or used in further tool calls.
Audit Metadata