The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts scripts/run_eval.py and scripts/run_loop.py use subprocess.Popen to execute the claude CLI tool for testing how skills trigger. This allows the skill to automate the testing of agent behaviors.
[PROMPT_INJECTION]: The skill processes evaluation queries from an eval_set.json file which are used to improve skill descriptions via an AI model. This creates a surface for indirect prompt injection where malicious queries could influence the generated descriptions that are subsequently written to the filesystem and executed. Ingestion points: eval_set.json loaded in scripts/run_loop.py. Boundary markers: The prompt in scripts/improve_description.py uses XML-like tags to separate components. Capability inventory: The skill has filesystem write access and the ability to execute CLI tools. Sanitization: There is no explicit sanitization of the generated description text before it is written to the command directory.
[DATA_EXPOSURE]: The eval-viewer/generate_review.py script starts a local HTTP server (defaulting to port 3117) to serve content from the workspace directory for browser review, which could expose files within that directory to other users on the local network.
[EXTERNAL_DOWNLOADS]: The HTML viewer template in eval-viewer/viewer.html includes a script tag to load the SheetJS library from cdn.sheetjs.com to enable Excel file rendering.

create-skill