ops-doctor

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: SKILL.md uses dynamic context injection (exclamation mark and backtick syntax) to execute the ${CLAUDE_PLUGIN_ROOT}/bin/ops-doctor binary automatically when the skill is loaded.
  • [CREDENTIALS_UNSAFE]: The Runtime Context instructions direct the agent to access and verify highly sensitive secret management chains, specifically Doppler MCP, Doppler CLI, and local password managers.
  • [COMMAND_EXECUTION]: The skill spawns subagents or Agent Teams with the directive to "Fix all errors and warnings" based on diagnostic JSON. This gives the agent broad authority to execute arbitrary bash commands and modify the file system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted data via WebSearch and WebFetch tools. This external data is used to inform automated repair decisions and bash command execution without sanitization or boundary markers.
  • [CREDENTIALS_UNSAFE]: Reads ${CLAUDE_PLUGIN_DATA_DIR}/preferences.json, which is a common location for storing sensitive plugin configurations and service credentials.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 06:48 AM