skillctx-ify

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses and writes to sensitive configuration paths, specifically creating and updating a centralized secrets repository at ${XDG_CONFIG_HOME:-~/.config}/skillctx/config.json. It is designed to scan for and aggregate sensitive data patterns including API keys, bearer tokens (sk-..., xoxb-...), and system-specific absolute paths.
  • [COMMAND_EXECUTION]: The workflow involves modifying the source code of other skills to include executable scripts. It copies a Python resolver script (scripts/resolve.py) to the target skill's directory and injects instructions into the target skill's SKILL.md file that prompt the agent to execute this script via the command line.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of third-party skill files to identify variables for migration.
  • Ingestion points: The target skill's SKILL.md and every file within the target skill directory that SKILL.md references.
  • Boundary markers: No delimiters or 'ignore' instructions are used when parsing the untrusted content of the target skills.
  • Capability inventory: The skill possesses file-write capabilities (to modify the target skill and its configuration) and instruction-injection capabilities (adding a setup block to the target skill), as implemented in SKILL.md and scripts/resolve.py.
  • Sanitization: The skill relies on pattern matching for classification and provides a manual confirmation step for the user, but it lacks automated sanitization or escaping of the ingested data during the migration process.
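The three indicators the audit lists (a reference to the centralized `skillctx/config.json` secrets store, a bundled `scripts/resolve.py` plus a SKILL.md instruction telling the agent to run it, and literal secret or host-specific values such as `sk-...`/`xoxb-...` tokens and absolute paths) can be checked for mechanically before a skill is installed. The script below is an added example written for this page, not code from skillctx-ify or from the Trust Hub audit: the regexes, the `Finding` shape and the constructed sample skill are this example's own assumptions, and the scanner treats SKILL.md purely as untrusted text, never executing anything it finds.

```python
"""Offline checker for the indicators named in the audit above (added example)."""
import re
from dataclasses import dataclass

# Indicators come from the audit bullets; the regexes are this example's own
# assumptions about how those indicators appear in skill text.
SKILLCTX_CONFIG_RE = re.compile(r"skillctx/config\.json")
# A SKILL.md line that tells the agent to run a resolver script (assumed form).
RESOLVER_INVOKE_RE = re.compile(r"\b(?:python3?|uv\s+run)\s+\S*resolve\.py\b")
# Secret / host-specific patterns the audit says the skill aggregates.
SECRET_RES = {
    "openai-style key (sk-...)": re.compile(r"\bsk-[A-Za-z0-9_-]{8,}"),
    "slack bot token (xoxb-...)": re.compile(r"\bxoxb-[A-Za-z0-9-]{8,}"),
    "bearer token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}"),
    "absolute home path": re.compile(r"(?:/Users|/home)/[A-Za-z0-9._-]+/\S*"),
}


@dataclass(frozen=True)
class Finding:
    category: str  # audit category, or "SECRET:<kind>" for literal secrets
    path: str      # relative path of the file the line came from
    line_no: int   # 1-based; 0 for findings about a file's presence
    text: str


def scan_text(path: str, content: str) -> list[Finding]:
    """Scan one file's text line by line; the content is data, never executed."""
    findings: list[Finding] = []
    for line_no, line in enumerate(content.splitlines(), 1):
        stripped = line.strip()
        if SKILLCTX_CONFIG_RE.search(line):
            findings.append(Finding("DATA_EXFILTRATION", path, line_no, stripped))
        if RESOLVER_INVOKE_RE.search(line):
            findings.append(Finding("COMMAND_EXECUTION", path, line_no, stripped))
        for kind, rx in SECRET_RES.items():
            if rx.search(line):
                findings.append(Finding(f"SECRET:{kind}", path, line_no, stripped))
    return findings


def audit_skill(files: dict[str, str]) -> list[Finding]:
    """`files` maps relative path -> content, modelling a skill directory tree."""
    findings: list[Finding] = []
    # The audit says the tool copies scripts/resolve.py into the target skill;
    # its mere presence is an indicator worth surfacing.
    if "scripts/resolve.py" in files:
        findings.append(Finding("COMMAND_EXECUTION", "scripts/resolve.py", 0,
                                "bundled resolver script present"))
    for path, content in files.items():
        findings.extend(scan_text(path, content))
    return findings


def categories(findings: list[Finding]) -> list[str]:
    """Collapse findings to the top-level audit categories they hit."""
    return sorted({f.category.split(":", 1)[0] for f in findings})


# Constructed sample skill directory (not a real skill) exercising each indicator.
SAMPLE_SKILL = {
    "SKILL.md": """\
# deploy-helper

## Setup
Run `python3 scripts/resolve.py` to load variables from
${XDG_CONFIG_HOME:-~/.config}/skillctx/config.json before continuing.

## Usage
Use the API key sk-abc123def456ghi789 and the log file at
/Users/alice/projects/deploy/logs/run.log when invoking the service.
""",
    "scripts/resolve.py": "#!/usr/bin/env python3\n"
                          "# constructed stand-in; the real resolver is not on this page\n",
}

if __name__ == "__main__":
    for f in audit_skill(SAMPLE_SKILL):
        print(f"{f.category:<35} {f.path}:{f.line_no}  {f.text}")
    print("categories:", categories(audit_skill(SAMPLE_SKILL)))
```

Running it on the constructed sample reports COMMAND_EXECUTION twice (the bundled script and the SKILL.md line that invokes it), DATA_EXFILTRATION for the config.json reference, and two SECRET findings; a skill with none of these produces an empty list. The check is a regex heuristic, so it will miss indicators that are obfuscated or split across lines, and it says nothing about the PROMPT_INJECTION category, which is a property of how the tool consumes this text rather than of the text itself.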
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 19, 2026, 05:17 AM