skills/lev-os/agents/skill-builder/Gen Agent Trust Hub

skill-builder

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The references/setup.md file instructs the user to execute a remote Python script directly from a non-trusted GitHub repository (yusufkaraaslan/Skill_Seekers) using the curl | python3 pattern, which bypasses package integrity and safety checks.
  • [REMOTE_CODE_EXECUTION]: The script scripts/enhance-workaround.sh pipes prompt content containing raw data scraped from the internet directly into the claude -p command. This creates a significant execution path for arbitrary instructions retrieved from external documentation or code repositories.
  • [COMMAND_EXECUTION]: The skill workflow uses high-privilege execution flags such as --dangerously-skip-permissions and performs numerous shell operations (git clone, mv, chmod) on potentially untrusted content fetched from the web.
  • [PROMPT_INJECTION]: The core design of the skill (converting external documentation into new agent skills) creates a major surface for indirect prompt injection. Malicious instructions embedded in a target website or repository could be promoted to the agent's active skill library during the 'enhance' or 'install' phases without sufficient isolation or sanitization.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 09:25 AM