team-builder

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Write and Bash tools to dynamically generate and store new skill definitions (SKILL.md files) within the .claude/skills/ directory. This behavior constitutes dynamic code generation, allowing the agent to expand its own instruction set and capabilities at runtime based on perceived needs or user input.
  • [PROMPT_INJECTION]: The automated skill creation workflow introduces a significant surface for indirect prompt injection, as it translates user-defined 'team needs' into persistent instructions.
    * Ingestion points: User descriptions of roles and missing expertise provided during the team design process in SKILL.md.
    * Boundary markers: Absent; the skill lacks delimiters or explicit instructions to prevent the agent from obeying instructions embedded within the user-provided data.
    * Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit, which are used to implement the generated skills.
    * Sanitization: Absent; the skill does not perform validation or escaping of the content before writing it to the new SKILL.md files, potentially allowing an attacker to inject malicious logic into the agent's permanent library.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 09:05 PM