The Agent Skills Directory

[No Code] (SAFE): The skill contains only documentation files (.md) and no executable code, scripts, or active agent instructions.
[Indirect Prompt Injection] (SAFE): While the documentation describes features that interpolate user input into prompts and commands (e.g., $ARGUMENTS), the files themselves are educational and do not implement an exploitable surface. The documentation explicitly promotes the use of allowed-tools to mitigate risks associated with such features. Evidence: 1. Ingestion points: $ARGUMENTS and positional variables ($1, $2) in command definitions. 2. Boundary markers: Absent in basic usage examples. 3. Capability inventory: Describes tools including Bash, Read, Write, Edit, and WebFetch. 4. Sanitization: Documentation does not explicitly demonstrate input sanitization, but focuses on capability restriction as a primary defense.

create-slash-commands