orchestrator

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to use the Bash tool to perform filesystem operations, specifically searching for existing skills using the command find .claude/skills -type d -name "*keyword*".
  • [REMOTE_CODE_EXECUTION]: The skill implements an 'Adaptive Skill Creation' workflow. It is instructed to dynamically generate new skills (files written to the filesystem) using skill-coach and immediately integrate them into its execution plan. This runtime generation and subsequent execution of new logic is a form of dynamic code execution that could be exploited to run unauthorized commands if the creation process is compromised.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its role as a synthesizer of multiple external inputs.
      • Ingestion points: Aggregates data from user requests and the outputs of multiple 'Specialist Skills' (e.g., Research Analyst, Web Design Expert).
      • Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within the data retrieved from specialists.
      • Capability inventory: The skill possesses powerful capabilities including Bash, Write, Edit, and the ability to trigger Task execution and new skill creation.
      • Sanitization: There is no evidence of sanitization or validation of the data received from specialists before it is used to inform orchestration decisions or skill creation prompts.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 5, 2026, 09:02 PM