The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill documentation references a Claude Code installation command that fetches a script from https://claude.ai/install.sh and pipes it directly into a bash shell. This source is recognized as the official domain for Anthropic, a trusted organization.
[COMMAND_EXECUTION]: The skill manages several bash-based hooks and wrapper scripts. Specifically, the wrap-git-with-nix-develop.sh script intercepts bash tool execution to wrap commands in a specific development environment. Additionally, various notification hooks (stop-notification.sh, ask-notification.sh, etc.) execute curl commands to send data to the Pushover notification service.
[PROMPT_INJECTION]: The implementation of PreToolUse hooks creates an attack surface for indirect prompt injection by processing untrusted tool inputs. \n
Ingestion points: The hooks ingest data from tool_input.command as documented in references/troubleshooting.md. \n
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided hook scripts. \n
Capability inventory: The skill utilizes the ability to modify tool inputs via the updatedInput field and authorize execution with permissionDecision: \"allow\". \n
Sanitization: While the scripts use jq and Base64 encoding for shell-level safety and JSON formatting, they do not perform logical sanitization of the commands to prevent malicious instructions embedded within strings.

configuring-claude-code