skill-inspect

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads internal configuration and metadata files located in the user's home directory, including ~/.claude.json, ~/.claude/.mcp.json, and ~/.agents/.skill-lock.json. This access is intended for gathering metadata about the agent's environment but involves reading files that contain the configuration state of the AI agent platform.
  • [COMMAND_EXECUTION]: Shell commands such as test -d, ls, grep, and git log are used to find and analyze skills. These commands interpolate the user-provided <name> argument, which creates a potential surface for command injection if the input is not sanitized by the executing agent.
  • [PROMPT_INJECTION]: The skill reads content from the SKILL.md files of other skills (Ingestion point) and displays it to the user. This creates an indirect prompt injection surface (Boundary markers: absent) where a third-party skill could include instructions designed to influence the agent when the inspector displays its 'Capabilities' section. The skill possesses subprocess capabilities (Capability inventory: shell calls in SKILL.md) and does not specify input validation (Sanitization: absent).
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 12:54 AM
Security Audit — agent-trust-hub — skill-inspect