claude-api

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses deceptive 'future-dating' tactics in SKILL.md and shared/models.md, claiming a cache date of February 2026 and referencing future model versions (e.g., Claude Opus 4.6) to manipulate the agent into overriding its internal knowledge.
- [PROMPT_INJECTION]: Instructions in SKILL.md use strong, directive language ('non-negotiable', 'ALWAYS use', 'Do not use') to force specific operational configurations and model selections, bypassing standard agent decision-making.
- [COMMAND_EXECUTION]: Documentation provides numerous examples for executing shell commands and remote code via the Bash tool and npx as part of the Agent SDK functionality (e.g., in python/agent-sdk/patterns.md).
- [EXTERNAL_DOWNLOADS]: Skill references multiple external libraries and documentation URLs. While these target trusted vendors like Anthropic, they represent the primary vector for package installation and information fetching.
- [PROMPT_INJECTION]: The skill logic in SKILL.md ingests untrusted project file data for language detection without boundary markers or sanitization, creating an attack surface for indirect prompt injection given its documented access to high-privilege tools like Bash and Edit.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 04:54 PM