The Agent Skills Directory

[DATA_EXFILTRATION]: Potential Sensitive Data Exposure. The skill accesses platform-specific configuration files such as .mcp.json, which are known to store sensitive information including API keys, authentication tokens, and private command arguments for Model Context Protocol servers. This information is extracted and included in the final report, potentially exposing credentials within the agent's interaction logs.
[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill scans the current repository and local system for manifests such as plugin.json and SKILL.md. Malicious descriptions or trigger phrases within these scanned files could influence agent behavior when the discovery report is processed by the agent or a downstream orchestrator.
Ingestion points: Scans plugin.json, SKILL.md, and MCP configuration files globally and in the current workspace.
Capability inventory: Employs Read, Glob, and ToolSearch to aggregate resource metadata.
Sanitization: No explicit sanitization or output delimiting for extracted descriptive text is described in the workflow.
[COMMAND_EXECUTION]: Local Environment Discovery. The skill instructs the agent to use shell logic to verify directory existence and search through platform-specific folders such as ~/.claude, ~/.github, and ~/.gemini to identify installed skills and plugins.

agent-skill-discovery