The Agent Skills Directory

[Data Exposure] (HIGH): The skill explicitly interacts with ~/.claude/.env, a sensitive file path used for storing credentials.
Evidence: references/api-security.md provides instructions for the agent to read, source, and append to this file.
Evidence: references/api-security.md instructs using grep to check for specific variables inside the .env file.
[Command Execution] (MEDIUM): Extensive use of shell commands for filesystem manipulation and script management.
Evidence: workflows/add-script.md and workflows/add-workflow.md use mkdir, cat, and ls on user-controlled paths.
[Privilege Escalation] (MEDIUM): The skill automatically modifies file permissions for newly created scripts.
Evidence: workflows/add-script.md: chmod +x ~/.claude/skills/{skill-name}/scripts/{script-name}.sh.
[Unverifiable Dependencies] (MEDIUM): The skill encourages the installation of arbitrary packages from public registries.
Evidence: references/executable-code.md suggests running pip install pypdf.
[Indirect Prompt Injection] (LOW): The audit and verification workflows ingest external skill files which could contain malicious instructions.
Ingestion points: cat ~/.claude/skills/{skill-name}/SKILL.md in workflows/audit-skill.md and workflows/verify-skill.md.
Boundary markers: None present; the agent is instructed to read the full content of potentially untrusted skill files.
Capability inventory: Filesystem write access, script execution (chmod +x), and network operations via WebSearch and Context7 MCP.
Sanitization: None; the agent processes the raw content of the ingested files to generate reports or apply fixes.

create-agent-skills