ln-161-skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it transforms potentially untrusted documentation into agent commands.
  * Ingestion points: File paths provided in $ARGUMENTS and the recursive scan of the docs/ directory (SKILL.md).
  * Boundary markers: The skill does not implement delimiters or safety instructions to distinguish between legitimate procedural documentation and embedded malicious instructions.
  * Capability inventory: The skill utilizes file reading and writing capabilities to populate the .claude/commands/ directory.
  * Sanitization: No sanitization is performed on code blocks, which are explicitly preserved 'as-is' during transformation.
- [COMMAND_EXECUTION]: The skill automatically assigns the 'Bash' tool to generated commands if it detects shell patterns in the source content. This facilitates the creation of executable scripts from unvalidated input, which creates a risk of dynamic execution of malicious code injected into the source documentation.
Audit Metadata