skills/bphvz/skip-skills/skip-dev/Gen Agent Trust Hub

skip-dev

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • External Downloads (MEDIUM): The documentation in cli.md and dependencies.md instructs users to install the Skip CLI tool (brew install skiptools/skip/skip) and integrate numerous Swift packages from https://source.skip.tools. Neither the GitHub organization 'skiptools' nor the domain 'skip.tools' is included in the list of Trusted External Sources, so these are classified as unverifiable dependencies.
  • Dynamic Execution (MEDIUM): Files bridging.md and cross-platform.md describe the implementation of AnyDynamicObject, which enables dynamic calls to Kotlin and Java APIs from Swift code via reflection. This pattern is used to bridge functionality that is not statically defined, representing a dynamic loading risk.
  • Command Execution (MEDIUM): The skill provides instructions for a wide range of system-level commands through the skip CLI, including skip android sdk install, skip android emulator create, and skip doctor. These commands modify the local development environment and manage external SDK components.
  • Indirect Prompt Injection (LOW): As a documentation skill for a transpilation tool, it describes a surface where user-provided code (untrusted data) is processed to generate executable artifacts. While this is the intended function of the tool, it represents an inherent attack surface for indirect injection if the input project files are malicious.
  • Malicious URL Detection (SAFE): An automated scanner flagged 'logger.info' as a malicious URL. Technical review confirms this is a false positive where a standard logging method call was misinterpreted as a domain (logger.info). No actual malicious URLs were found in the skill content.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:49 PM