skill-generator

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses the Bash tool to perform environment setup, file system modifications, and execution of generated scripts and the ccw CLI tool. Evidence is found in phases/02-structure-generation.md and phases/03-phase-generation.md, where the agent is instructed to run shell commands to build the skill structure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted user input (e.g., skill purpose, action descriptions) in phases/01-requirements-discovery.md and interpolates this data directly into the logic, documentation, and Task prompts of the generated skills.
      ◦ Ingestion points: Phase 1 uses AskUserQuestion to collect the skill name, purpose, and phase/action definitions.
      ◦ Boundary markers: The generated outputs use standard Markdown structure but lack explicit boundary markers or instructions to ignore embedded commands within user-provided descriptions.
      ◦ Capability inventory: The skill uses Bash, Write, Task, Read, and Glob across multiple scripts.
      ◦ Sanitization: Only basic shell-character escaping (escapePrompt in templates/llm-action.md) is implemented, which does not protect against logical prompt injection.
  • [DYNAMIC_EXECUTION]: The skill's primary purpose is Category 10 behavior: generating executable content (Bash, Python, and JavaScript scripts) and complex agent prompts at runtime. Specifically, phases/03-phase-generation.md and templates/script-template.md provide logic for assembling and then executing these components using the Bash and Task tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 12:02 PM