NYC

skill-share

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill represents a significant injection surface by taking untrusted user input (skill name and description) and interpolating it directly into generated SKILL.md files and Slack messages. This facilitates the distribution of malicious instructions or phishing links within a team environment.
  • Ingestion points: User-provided skill name and description during the initialization stage.
  • Boundary markers: Absent; no delimiters are used to isolate user input from the generated file structure or Slack blocks.
  • Capability inventory: The skill has permissions for file-system write access, directory creation, ZIP packaging, and external Slack messaging via Rube.
  • Sanitization: No input validation or escaping mechanisms are described to prevent the inclusion of malicious markdown or control characters in the shared summaries.
  • [Command Execution] (MEDIUM): The documentation specifies that the skill uses Python 3.7+ scripts to automate the creation of the directory structure and files. Since these scripts are not provided in the source for auditing, their safety cannot be verified, particularly regarding how they handle potentially shell-sensitive characters provided in user-defined skill names.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 04:28 AM