cafe3310-skill-installer

Fail

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The instructions in SKILL.md direct the agent to clone a third-party repository from https://github.com/cafe3310/public-agent-skills.git and execute a script located at skills/cafe3310-skill-installer/scripts/install.sh. Downloading and running scripts from unverified external sources is a high-risk pattern that allows for arbitrary code execution.
  • [COMMAND_EXECUTION]: The skill requires the agent to perform administrative actions including chmod +x to modify file permissions and bash to execute the installer. This gives the external script full execution capabilities on the host environment.
  • [EXTERNAL_DOWNLOADS]: The skill fetches resources from an external Git repository. While the repository belongs to the skill's author, the lack of integrity checks (like commit pinning or checksums) means the code being executed could change at any time without user awareness.
  • [PRIVILEGE_ESCALATION]: The installer script scripts/install.sh targets sensitive user-level directories including ~/.agents, ~/.claude, and ~/.gemini. It performs file system operations such as rm -rf and cp -r on these directories, which could lead to accidental or malicious data loss if the target directory contains unrelated sensitive information.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 18, 2026, 05:32 AM