skill-finder

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the skills package from the npm registry using npx and fetches SKILL.md files from arbitrary GitHub repositories via raw.githubusercontent.com. While GitHub is a well-known service, the specific repositories being accessed are determined at runtime by search results.
  • [COMMAND_EXECUTION]: Utilizes multiple shell commands to manage the skill lifecycle, including npx for search, curl for downloading content, mkdir for directory creation, and ln -sfn for creating symbolic links in the agent's configuration directories.
  • [REMOTE_CODE_EXECUTION]: Facilitates the installation of external code into the agent's runtime environment. By symlinking downloaded GitHub repository content into ~/.claude/skills/ or ~/.codex/skills/, the skill enables third-party instructions to be loaded and executed by the agent in subsequent sessions without further verification.
  • [PROMPT_INJECTION]: The 'Deep Evaluation' step involves the agent fetching and parsing arbitrary markdown content from external GitHub repositories. This creates a surface for indirect prompt injection, where a malicious skill author could include instructions designed to deceive the agent during the evaluation and recommendation process.
  • [PERSISTENCE_MECHANISMS]: The skill explicitly modifies the agent's local environment by creating persistent symlinks in the configuration directories. This ensures that any downloaded skill—potentially including malicious ones—remains active across sessions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 04:21 PM