The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a bundled Node.js script (scripts/validate-skills.cjs) to automate the linting and fixing of skill headers. This script uses standard file system modules (fs, path) to read and modify local markdown files within the user's project directory, which is consistent with its stated purpose of skill management.- [EXTERNAL_DOWNLOADS]: The documentation references official Claude Code documentation at code.claude.com. These are trusted technical resources provided by the platform vendor and do not pose a security risk.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to scan and read the contents of other markdown files in the project's skill catalog. While the validation script uses safe string parsing and regular expressions, the agent's context is exposed to the instructions within the files being scanned. Mitigation is provided by the skill's instructions which guide the agent to parse only specific sections (the first 20 lines) and use a structured validation workflow.- [SAFE]: The skill implements security best practices such as least privilege (restricting scans to .claude/skills), modular documentation, and explicit user-confirmation steps before applying automated fixes to files.

skill-create