skills/dtyq/magic/find-skill/Gen Agent Trust Hub

find-skill

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading code from external sources via skillhub install <slug> and arbitrary GitHub repositories using skillhub install-github <url>. These sources are outside the immediate control of the platform.
  • [REMOTE_CODE_EXECUTION]: After installation, the skill instructs the agent to load the newly acquired content using the read_skills tool. This process executes the logic contained within the downloaded skills, effectively performing remote code execution of third-party content.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell_exec to run the skillhub CLI and internal Python scripts. It interpolates user-controlled variables like <keyword>, <slug>, and <code> directly into shell commands, which creates a significant surface for command injection attacks.
  • [CREDENTIALS_UNSAFE]: The script scripts/_context.py programmatically accesses sensitive local paths including .credentials/init_client_message.json and .chat_history/magic<main>.session.json to extract session metadata such as topic_id, project_id, and model_id. Accessing credential and history files is a high-risk operation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 28, 2026, 10:27 AM