skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The initialization scripts perform local file system operations such as creating directories and writing configuration files. These actions are restricted to the local workspace and are necessary for the skill's primary function.
- [REMOTE_CODE_EXECUTION]: The tool generates Python scripts from internal templates and sets their execution bits during setup. This dynamic code generation is localized and uses hardcoded templates rather than external content.
- [PROMPT_INJECTION]: The skill facilitates instruction generation from user input, creating a surface for indirect prompt injection. The tool mitigates structural risks through input normalization and YAML-compliant quoting of user-provided strings.
  - Ingestion points: Skill planning phase in SKILL.md.
  - Boundary markers: YAML frontmatter and Markdown headings.
  - Capability inventory: init_skill.py (file-write, chmod), generate_openai_yaml.py (file-write).
  - Sanitization: normalize_skill_name regex and yaml_quote string escaping.
- [SAFE]: No obfuscation, data exfiltration, or persistence mechanisms were found. The skill operates as a standard developer tool with appropriate security checks like yaml.safe_load and regex-based name validation.