validate-plugin
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute shell and Python scripts (`./scripts/validate-all-plugins.sh` and `scripts/validate-skills-schema.py`) that are expected to exist in the host environment but are not provided within the skill's own file structure. This execution of unverified external code represents a security risk if the environment contains malicious scripts in those paths.
- [COMMAND_EXECUTION]: The skill requests `Bash(chmod:*)` permissions to modify file access levels. While intended for structural validation, this capability can be used to alter permissions on the filesystem, potentially enabling the execution of unauthorized files or changing access controls on sensitive data.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted third-party content (plugin directories and SKILL.md files), which creates an indirect prompt injection surface.
  - Ingestion points: Content from `plugin.json` and `SKILL.md` files within user-specified directory paths.
  - Boundary markers: Absent; there are no instructions or delimiters provided to the agent to ignore or isolate instructions embedded within the files being validated.
  - Capability inventory: The agent has access to powerful tools including `Bash(python, jq, chmod)`, `Read`, `Glob`, and `Grep`.
  - Sanitization: No sanitization or validation of the input files is performed before they are processed by the scripts.
Audit Metadata