The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill is designed to download and install external code packages using the npx skills add command. This enables the integration of third-party scripts and tools into the agent's operating environment.- [COMMAND_EXECUTION]: The skill relies on the execution of several CLI commands via npx, including npx skills find, npx skills add, npx skills update, and npx skills check. Specifically, it suggests using the -y flag which bypasses user confirmation prompts during installation.- [EXTERNAL_DOWNLOADS]: The skill interacts with external network resources, specifically the skills.sh registry and various GitHub repositories, to search for and retrieve skill packages.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes search results from an external registry. Maliciously crafted skill metadata in the registry could potentially influence the agent's behavior or trick it into installing unauthorized packages.
Ingestion points: Search results returned from the npx skills find command execution.
Boundary markers: No specific delimiters or safety instructions are defined to separate search results from the agent's operational logic.
Capability inventory: The skill possesses the capability to execute shell commands and install global packages.
Sanitization: There is no evidence of sanitization or validation performed on the data retrieved from the external registry.

find-skills