skill-finder

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH

Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The add_skill.py script downloads Python scripts and markdown instructions from external GitHub repositories and saves them locally. These scripts are intended for immediate registration and execution by the agent, allowing for the deployment of unverified third-party code.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to skills.sh for search queries and to api.github.com and raw.githubusercontent.com to retrieve repository metadata and raw file contents.
  • [COMMAND_EXECUTION]: The script writes the downloaded files to the local filesystem with os.makedirs and open().write(). It does not validate the destination path before writing, so a malicious repository whose file paths or skill name contain .. components can steer writes outside the skills directory (path traversal) and overwrite any file the agent's user account can write to.
  • [CREDENTIALS_UNSAFE]: The script reads the GITHUB_TOKEN environment variable to authenticate requests to the GitHub API. Because the same environment is inherited by the downloaded scripts the agent goes on to run, a compromised or malicious skill can read and exfiltrate this credential.
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions with 'CRITICAL' markers that attempt to override the agent's default tool-calling behavior and interaction flow, specifically regarding how it handles user confirmation before executing tools.
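The path-traversal finding above comes down to one missing check: the destination of each downloaded file is never confirmed to lie inside the skills directory. The example below is added here as an illustration and is not code from the skill-finder project or from the Gen Agent Trust Hub audit. It contrasts the unchecked join pattern the audit describes (`unsafe_dest_path`) with a hypothetical `safe_dest_path` helper that rejects bad skill names, absolute paths and `..` components, and then confirms the resolved path is still under the root. The skills root and the repository file listing are constructed sample inputs.

```python
"""Containment check for files fetched from a third-party repository.

Added example, not the project's own code. Demonstrates why joining a
repository-supplied skill name and file path onto a local directory is
unsafe, and one way to make the write refuse anything outside the root.
"""
import os
import posixpath


class PathEscapeError(ValueError):
    """Raised when a repository-supplied path would leave the skills root."""


def unsafe_dest_path(root: str, skill_name: str, rel_path: str) -> str:
    """The unchecked pattern: os.path.join trusts every component.

    The path is normalised here only to show where the OS would actually
    write; open() on the un-normalised join lands in the same place.
    """
    return os.path.normpath(os.path.join(root, skill_name, rel_path))


def safe_dest_path(root: str, skill_name: str, rel_path: str) -> str:
    """Return an absolute destination under root, or raise PathEscapeError."""
    # The skill name becomes a directory name: refuse separators and dot-dirs
    # outright instead of trying to sanitise them.
    if (not skill_name or "/" in skill_name or "\\" in skill_name
            or skill_name in (".", "..")):
        raise PathEscapeError(f"bad skill name: {skill_name!r}")

    # Repository tree entries are POSIX-style relative paths. Reject absolute
    # paths and any '..' component before the path is joined at all.
    if posixpath.isabs(rel_path) or rel_path.startswith("\\"):
        raise PathEscapeError(f"absolute path not allowed: {rel_path!r}")
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PathEscapeError(f"unsafe relative path: {rel_path!r}")

    # Belt and braces: resolve both sides and require the destination to sit
    # under the root. realpath follows symlinks in the existing prefix, so a
    # symlinked directory that points outside the root is caught here too.
    root_real = os.path.realpath(root)
    dest = os.path.realpath(os.path.join(root_real, skill_name, *parts))
    if os.path.commonpath([root_real, dest]) != root_real:
        raise PathEscapeError(f"{dest!r} escapes {root_real!r}")
    return dest


def classify(root: str, skill_name: str, rel_path: str) -> str:
    """Return 'ok' if the write would be allowed, 'rejected' otherwise."""
    try:
        safe_dest_path(root, skill_name, rel_path)
        return "ok"
    except PathEscapeError:
        return "rejected"


# Constructed sample inputs: entries a hostile repository listing could hold.
SAMPLES = [
    ("my-skill", "SKILL.md"),
    ("my-skill", "scripts/add_skill.py"),
    ("my-skill", "../../.ssh/authorized_keys"),
    ("../../etc", "cron.d/backdoor"),
    ("my-skill", "/etc/passwd"),
]

if __name__ == "__main__":
    skills_root = "/tmp/skills"  # assumed local skills directory
    for name, rel in SAMPLES:
        print(f"{name!r:>14} {rel!r:32}")
        print(f"{'unchecked ->':>14} {unsafe_dest_path(skills_root, name, rel)}")
        print(f"{'checked   ->':>14} {classify(skills_root, name, rel)}")
```

Running the block shows the unchecked join sending `../../.ssh/authorized_keys` to `/tmp/.ssh/authorized_keys`, outside the skills root, while the checked version rejects it. The component-level checks run before any filesystem call, and the `realpath`/`commonpath` comparison is kept as a second line of defence rather than the only one, because it depends on what already exists on disk.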
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 01:57 PM