skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/init_skill.py modifies file permissions using chmod(0o755) on the example.py template file it generates. This is used to ensure that newly created skill scripts are executable by default.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided inputs through its automation scripts, creating a surface for potential indirect prompt injection.
      1. Ingestion points: Command-line arguments for skill names and paths in scripts/init_skill.py and scripts/package_skill.py, as well as YAML frontmatter in SKILL.md analyzed by scripts/quick_validate.py.
      2. Boundary markers: No explicit boundary markers or 'ignore' instructions are used to wrap user-provided data during processing.
      3. Capability inventory: The skill is capable of directory creation (mkdir), file writing (write_text), and permission modification (chmod) via its bundled initialization script.
      4. Sanitization: scripts/quick_validate.py uses yaml.safe_load() for secure parsing and implements regex-based validation for skill identifiers to ensure they follow specific naming conventions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:37 AM