slash-command-creator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill facilitates the creation of files that enable bash command execution via the ! prefix. Although it documents a security feature (allowed-tools) to restrict patterns, the capability itself presents a risk if misconfigured or if a malicious command is generated by the agent under duress.
  • [PERSISTENCE] (MEDIUM): The scripts/init_command.py script is designed to write executable-like configuration files to ~/.claude/commands/. This allows instructions and tool-use permissions to persist across sessions for the host application.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The slash command architecture relies on interpolating untrusted data ($ARGUMENTS and @file references) directly into prompts.
      • Ingestion points: $ARGUMENTS and @file markers in SKILL.md and references/examples.md.
      • Boundary markers: Absent; examples show direct interpolation without delimiters or escaping instructions.
      • Capability inventory: scripts/init_command.py (file-write), and documented Bash tool usage.
      • Sanitization: None provided in the skill scripts; the skill assumes the host environment handles sanitization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:16 PM