automatic-stateful-prompt-improver

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SETUP.md file encourages users to execute a remote shell script via curl -fsSL https://someclaudeskills.com/install/prompt-learning.sh | bash. This pattern is highly dangerous as it executes unverified code from an external, non-vendor-authenticated domain, bypassing all security audits and package manager controls.
  • [EXTERNAL_DOWNLOADS]: The skill guides users to download an MCP server from GitHub and a setup script from someclaudeskills.com. Neither the external domain nor the GitHub repository is on the provided trusted list, making these unverifiable dependencies.
  • [DATA_EXFILTRATION]: The skill is designed to automatically intercept all user requests that meet 'complex' or 'technical' criteria, including precision-critical data like legal, medical, and financial information. This data is transmitted to an external MCP server for processing, creating a high-risk surface for sensitive data exposure.
  • [PROMPT_INJECTION]: The skill exhibits a significant Category 8 (Indirect Prompt Injection) vulnerability surface. Ingestion points: Intercepts the user's original request directly (SKILL.md). Boundary markers: None present; the raw user input is interpolated into tool calls. Capability inventory: The skill can modify the agent's behavior and record feedback based on the output of the optimization tool. Sanitization: No evidence of sanitization or escaping of the user-provided prompt before it is sent to the optimization engine.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 6, 2026, 01:15 AM