deepen-plan
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs broad recursive filesystem searches using find and ls commands to identify potential skills and agents. It specifically targets sensitive directories such as ~/.claude/ and its subdirectories to locate executable definitions.
- [EXTERNAL_DOWNLOADS]: It identifies and executes content located in ~/.claude/plugins/cache/. This directory typically stores assets downloaded from remote sources by other plugins, leading to the potential execution of unverified external code discovered at runtime.
- [DATA_EXFILTRATION]: The skill accesses and reads local configuration files, including installed_plugins.json, and scans user-specific agent and skill definitions. This represents a data exposure risk for local configuration and proprietary agent logic found in the environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests external markdown files (plans and solved solutions) and interpolates their contents into instructions for parallel sub-agents without any sanitization, validation, or boundary markers to prevent malicious instructions within those files from overriding agent behavior.
Audit Metadata