The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The installation section provides commands that download and immediately execute scripts from a remote repository via bash, python, or cmd interpreters without prior review. This pattern is highly susceptible to supply chain attacks or remote compromise. \n
Evidence in SKILL.md: curl -sSL https://raw.githubusercontent.com/cycleuser/Skills/main/quick-install.sh | bash and curl -sSL https://raw.githubusercontent.com/cycleuser/Skills/main/install.py | python. \n- [COMMAND_EXECUTION]: The skill facilitates local command execution through its management scripts and installation instructions. \n
Evidence in SKILL.md: python install.py install and git clone usage. \n- [EXTERNAL_DOWNLOADS]: The skill fetches resources from the author's GitHub repository for core functionality and installation. While the repository belongs to the vendor, the method of direct execution from raw GitHub content is risky. \n- [PROMPT_INJECTION]: The skill implements a mechanism to load and activate agent instructions from multiple workspace directories, creating a surface for indirect prompt injection. \n
Ingestion points: Skill metadata and rule files are loaded from .opencode/skills/ and other workspace paths in SKILL.md and rules/registry.md. \n
Boundary markers: No clear markers or 'ignore' instructions are provided when interpolating external rule content. \n
Capability inventory: The skill can invoke shell commands and manage the agent's behavior via loaded rules. \n
Sanitization: No sanitization or validation logic is described for the content of the loaded skill rules.

skill-manager