li

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to perform maintenance and synchronization tasks. Specifically, it uses git for committing and pushing updates to a remote repository, npx to add or update skill definitions, and python to execute a local test harness (tests/run_tests.py).
  • [REMOTE_CODE_EXECUTION]: The CURATE operation employs the command npx -y skills add gasserane/personal-skills --all -y, which downloads and integrates code from an external GitHub repository. Although the repository belongs to the skill's author, this represents a mechanism for remote code acquisition and execution.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external network resources through git and npx operations to manage repositories, and it uses WebSearch capabilities to perform DOI and institutional URL verification for citations.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests, summarizes, and extracts data from various external document formats (PDF, DOCX, etc.) and research artifacts. Malicious instructions embedded in these documents could attempt to influence the agent's behavior during automated wiki ingestion or skill curation phases, as the instructions do not specify boundary markers or content sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:22 PM