The Agent Skills Directory

[COMMAND_EXECUTION]: The skill generates and instructs the agent to execute bash scripts for tasks such as content deduplication and state management. For example, examples/example-generated-skill/SKILL.md contains executable bash blocks that perform hash computation and file manipulation.
[COMMAND_EXECUTION]: The installation workflow in workflow/phase-5-installation.md explicitly suggests using sudo to resolve permission errors when installing generated skills to global directories like ~/.claude/skills/.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted markdown data from the docs/lessons-learned/ directory to generate the logic and instructions for new skills.
Ingestion points: Markdown files are read from docs/lessons-learned/**/*.md in Phase 1 (workflow/phase-1-discovery.md).
Boundary markers: There are no explicit delimiters or "ignore instructions" warnings implemented when the agent processes the content of these files.
Capability inventory: The skill can write to the local file system (including ~/.claude/skills/) and execute shell commands as described in the generation and installation phases.
Sanitization: While the skill performs "quality filtering" based on actionable items, it lacks security-focused sanitization to prevent malicious instructions embedded in the source markdown from poisoning the output skill.

insight-skill-generator