claude-code-mastery
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: All provided Python tools, including the project analyzer and skill scaffolder, rely exclusively on the Python standard library, ensuring no external package vulnerabilities are introduced.
- [COMMAND_EXECUTION]: The skill provides documentation for configuring lifecycle hooks and subagents, which involves executing shell commands and external developer tools such as formatters and linters. The scripts/skill_scaffolder.py tool properly sets executable permissions (0o755) on generated scripts.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from local CLAUDE.md files (ingestion point: scripts/claudemd_optimizer.py).
  - Boundary markers: No specific delimiters or safety instructions are used to wrap the ingested content.
  - Capability inventory: The skill contains scripts with file-write (scripts/skill_scaffolder.py) and directory-read (scripts/context_analyzer.py) capabilities.
  - Sanitization: The tool uses regex-based analysis but does not perform sanitization of the input text for embedded instructions.