skills/carlheath/ogmios/skill-factory/Gen Agent Trust Hub

skill-factory

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly documents and provides examples for 'Dynamic Context Injection' using the !command syntax. While the provided examples like ls and date are used for context gathering, this feature executes shell commands locally when a skill is loaded.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Documentation includes examples of using shell commands to access local file system metadata, such as listing files in the user's home directory (ls -t ~/Obsidian/).
  • [INDIRECT_PROMPT_INJECTION]: The skill acts as a factory for generating other instructions (SKILL.md files) based on user input. This creates a surface where malicious user input could result in the creation of skills with hidden or harmful instructions.
      • Ingestion points: User input provided during the requirements gathering phase (Step 1).
      • Boundary markers: Not specified in the generation template.
      • Capability inventory: Uses the Write tool to create persistent instruction files in ~/.claude/skills/.
      • Sanitization: No explicit validation or sanitization of user-provided capability descriptions or trigger words is mentioned before writing to the file system.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 11:35 AM