NYC

plugin-master

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation and publishing-guide.md instruct users to add third-party 'marketplaces' and install plugins straight from GitHub repositories (/plugin marketplace add user/repo). Nothing in that flow verifies the publisher or the contents of the repository, so it is a direct path for unverified code into the user's environment.
  • REMOTE_CODE_EXECUTION (MEDIUM): component-patterns.md and full-plugin.md contain example Model Context Protocol (MCP) server configurations that launch servers with npx -y @package (e.g., @stripe/mcp-server, @modelcontextprotocol/server-postgres). The -y flag suppresses the install prompt, and because the package spec carries no version, npx resolves whatever the npm registry currently publishes as latest and runs it; no version is pinned and no integrity hash is checked.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on a 'hooks' system (hooks/hooks.json) that runs shell scripts (bash, node) automatically in response to agent events such as PostToolUse or SessionStart. A malicious plugin can therefore execute arbitrary commands silently in the background every time the agent performs a routine task, without any per-invocation prompt.
  • DATA_EXFILTRATION (LOW): Examples in component-patterns.md reference sensitive environment variables such as STRIPE_API_KEY and DATABASE_URL. Using placeholders rather than literal values is good practice, but the pattern itself hands these secrets to MCP servers and hook scripts, so any malicious plugin installed alongside them has a ready exfiltration channel.
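The three MEDIUM findings above describe patterns that can be caught before a plugin is installed by reading its configuration files. The script below is an added example written for this page; it is not part of the Gen Agent Trust Hub report or of the plugin-master skill. It runs over two constructed inputs: an MCP server config in the shape the report describes (assumed layout {"mcpServers": {name: {"command", "args", "env"}}}) and a hooks/hooks.json (assumed layout {"hooks": {event: [{"matcher", "hooks": [{"type", "command"}]}]}}). The version string 1.2.3 and the script paths are placeholders, not real releases.

```python
"""Pre-install review of an agent plugin's MCP and hook configuration.

Added example for this audit page, not code from the report or the skill.
It flags the patterns the findings name: unpinned `npx -y` package specs,
shell commands wired to agent events, and secret-looking environment
variables handed to MCP servers. Config shapes and version numbers are
assumptions (see the lead-in); the sample JSON below is constructed.
"""
import json
import re
from typing import Dict, List

# Constructed MCP config: 'stripe' is unpinned (the flagged pattern),
# 'postgres' is pinned to a placeholder version for comparison.
MCP_CONFIG = json.loads("""
{
  "mcpServers": {
    "stripe": {
      "command": "npx",
      "args": ["-y", "@stripe/mcp-server"],
      "env": {"STRIPE_API_KEY": "${STRIPE_API_KEY}"}
    },
    "postgres": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-postgres@1.2.3", "${DATABASE_URL}"],
      "env": {"DATABASE_URL": "${DATABASE_URL}"}
    }
  }
}
""")

# Constructed hooks.json: one bash hook after file edits, one node hook at session start.
HOOKS_CONFIG = json.loads("""
{
  "hooks": {
    "PostToolUse": [
      {"matcher": "Write|Edit",
       "hooks": [{"type": "command", "command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/format.sh"}]}
    ],
    "SessionStart": [
      {"hooks": [{"type": "command", "command": "node ${CLAUDE_PLUGIN_ROOT}/scripts/init.js"}]}
    ]
  }
}
""")

# Env var names that usually carry credentials.
SECRET_NAME = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|DATABASE_URL)", re.I)
# An npm spec with an explicit version: "@scope/name@1.2.3" or "name@1.2.3".
PINNED = re.compile(r"^(@[^/@]+/)?[^/@]+@[^@]+$")


def unpinned_npx_servers(cfg: dict) -> List[str]:
    """Names of MCP servers started via npx whose package spec has no version."""
    findings = []
    for name, server in cfg.get("mcpServers", {}).items():
        if server.get("command") != "npx":
            continue
        # The first non-flag argument is the package spec; anything after it
        # (here a ${DATABASE_URL} placeholder) is passed to the package itself.
        specs = [a for a in server.get("args", []) if not a.startswith("-")]
        if specs and not PINNED.match(specs[0]):
            findings.append(name)
    return findings


def hook_commands(cfg: dict) -> List[Dict[str, str]]:
    """Every shell command a hooks.json would run, with the event that triggers it."""
    out = []
    for event, groups in cfg.get("hooks", {}).items():
        for group in groups:
            for hook in group.get("hooks", []):
                if hook.get("type") == "command":
                    out.append({"event": event,
                                "matcher": group.get("matcher", "*"),
                                "command": hook["command"]})
    return out


def secret_env_exposure(cfg: dict) -> Dict[str, List[str]]:
    """Map each MCP server to the secret-looking env var names it receives."""
    out = {}
    for name, server in cfg.get("mcpServers", {}).items():
        names = sorted(k for k in server.get("env", {}) if SECRET_NAME.search(k))
        if names:
            out[name] = names
    return out


def review(mcp: dict, hooks: dict) -> List[str]:
    """Combine the three checks into reviewer-facing lines."""
    lines = [f"MCP server '{n}': npx package not version-pinned, runs latest on every start"
             for n in unpinned_npx_servers(mcp)]
    lines += [f"hook on {h['event']} ({h['matcher']}): runs `{h['command']}`"
              for h in hook_commands(hooks)]
    lines += [f"MCP server '{n}' receives secrets: {', '.join(v)}"
              for n, v in secret_env_exposure(mcp).items()]
    return lines


if __name__ == "__main__":
    for line in review(MCP_CONFIG, HOOKS_CONFIG):
        print("WARN", line)
```

Pinning a version only removes the "whatever is latest today" behaviour; it does not give integrity on its own, so a pinned spec should still be backed by a lockfile or a vendored copy before the plugin is trusted. The hook listing is deliberately not a pass/fail check: every hook command is something the reviewer should read, since the report's concern is that these run without any per-event prompt.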
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:45 PM