The Agent Skills Directory

EXTERNAL_DOWNLOADS (LOW): The scripts/update-docs.py script downloads content from code.claude.com. While this is an external network request, it targets a trusted domain associated with the tool's ecosystem, downgrading the severity per [TRUST-SCOPE-RULE].\n- COMMAND_EXECUTION (MEDIUM): The skill is designed to configure and execute arbitrary shell commands via Claude Code hooks (e.g., PostToolUse, PreToolUse). While this is the intended functionality, it enables the execution of local scripts and system commands (like osascript, npx, and jq) based on agent activity.\n- DATA_EXFILTRATION (LOW): The skill documentation provides examples of hooks that could be adapted to exfiltrate data, such as passing tool inputs (which may contain sensitive file paths or content) to external commands. However, no active exfiltration was detected in the provided scripts.

creating-hooks