The Agent Skills Directory

[Command Execution] (MEDIUM): The workflow for repository analysis (repo-analysis.md) directs the agent to execute shell commands including git clone and repomix on URLs provided through user input, creating a risk of executing or processing malicious code from untrusted repositories.\n- [External Downloads] (MEDIUM): The skill recommends performing global software installations via npm install -g repomix in its repo-analysis.md workflow, which modifies the host system's global state and requires elevated privileges.\n- [Data Exposure & Exfiltration] (MEDIUM): The env-loader.js utility contains logic that traverses parent directories (up to .claude/.env) to find and read environment variables. This behavior can lead to the exposure of credentials or secrets that belong to other skills or the broader system context.\n- [Data Exposure & Exfiltration] (LOW): fetch-docs.js transmits the CONTEXT7_API_KEY to context7.com. While this is core to the skill's purpose, the domain is not part of the defined trusted source list.\n- [Indirect Prompt Injection] (LOW): The skill ingests documentation data from external URLs via https.get in fetch-docs.js and processes it for agent consumption. This represents an attack surface for instructions embedded in external documentation.\n
Ingestion points: scripts/fetch-docs.js (downloads content from context7.com or other URLs).\n
Boundary markers: Absent in the scripts and workflows.\n
Capability inventory: git clone, npm install, https.get, fs.readFileSync.\n
Sanitization: None detected in script logic.

docs-seeker