CreateCLI

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill recommends installing the commander package via bun add. commander is a standard and trusted Node.js package. The workflow involves executing locally developed scripts (./cli.ts), which is expected behavior for a developer-oriented skill.
  • Data Exposure & Exfiltration (SAFE): The skill references local paths such as ~/.claude/Bin/ and ~/Projects/ to locate CLI source code. This access is necessary for the stated purpose of modifying existing tools and does not involve exfiltration of sensitive data.
  • Indirect Prompt Injection (SAFE): The workflows involve reading existing source code files (Ingestion points: ~/.claude/Bin/ and ~/Projects/). While this creates a surface for indirect prompt injection from malicious local codebases, the skill itself does not process untrusted external data (e.g., from URLs), and the capability (script execution and file modification) is appropriate for its primary purpose. Boundary markers and sanitization are not explicitly defined, as is typical for development workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:02 PM