NYC

ui-ux-pro-max

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from CSV files and presents it to the agent without sanitization.
    Evidence Chain:
    (1) Ingestion: scripts/core.py reads CSVs from the data/ folder via _load_csv.
    (2) Boundaries: No delimiters or instructions to ignore embedded commands are included in the search results formatted in scripts/search.py.
    (3) Capabilities: The skill is limited to local file reading and string processing; no network or write capabilities are present.
    (4) Sanitization: No content filtering or escaping is performed on the data retrieved from the CSV files.
  • Dynamic Execution (LOW): The script scripts/search.py modifies the Python search path (sys.path) at runtime to load a module from the user's home directory (~/.claude/scripts). This allows dynamic loading of code from a computed path, which could be exploited if the home directory is shared or compromised.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:14 PM