writing-statuslines

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is a generator for executable status line scripts that ingest untrusted session data via stdin.
    • Ingestion points: stdin receives JSON context from the active project, including cwd, workspace.current_dir, and transcript_path (SKILL.md and references/anthropic-statusline.md).
    • Boundary markers: No boundary markers or 'ignore' instructions are included in the generated script templates to prevent the agent from obeying instructions embedded in filenames or paths.
    • Capability inventory: The generated scripts can execute system commands (e.g., git calls in examples) and access the filesystem as the local user.
    • Sanitization: While templates suggest using jq for parsing, they lack explicit warnings or sanitization logic to prevent command injection when project-controlled variables are interpolated into shell environments.
  • [COMMAND_EXECUTION] (MEDIUM): The skill setup instructions in SKILL.md require the user to run a local Python script (update-docs.py) and encourage granting execution permissions (chmod +x) to user-generated scripts, which increases the host's attack surface.
  • [EXTERNAL_DOWNLOADS] (LOW): scripts/update-docs.py fetches documentation from https://code.claude.com/docs/en/statusline.md. Although this is an external network request, the source is an official domain associated with the developer of the supported tool (Anthropic), qualifying it for a downgraded severity under trusted source rules.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:34 AM