skills-sync

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The cmd_install function in scripts/sync.py uses subprocess.run to execute a git clone command using a source URL provided as an argument. This enables the agent to download and potentially execute arbitrary code from remote sources.
  • [COMMAND_EXECUTION]: The skill uses the Python subprocess and shutil modules to perform system-level operations, including executing shell commands for Git and performing recursive directory deletions and copies on the local filesystem.
  • [EXTERNAL_DOWNLOADS]: The install command facilitates downloading content from external repositories (via HTTP/HTTPS or SSH) into the user's local skill directories.
  • [PROMPT_INJECTION]: The script includes an indirect prompt injection surface in the _get_skill_description function within scripts/sync.py. This function reads the description field from SKILL.md files and displays it in the list command output. A maliciously crafted skill file could embed instructions within its metadata that the agent might inadvertently follow during a listing or status operation.
  • Ingestion points: scripts/sync.py reads data from SKILL.md files in various local and project directories.
  • Boundary markers: None detected; the script parses lines starting with 'description:' directly.
  • Capability inventory: Uses subprocess.run for Git commands and shutil for file management.
  • Sanitization: No sanitization or validation is performed on the text extracted from skill metadata before it is displayed to the agent context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 08:44 PM