ai-tools

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill implements a delegation pattern that retrieves executable commands from dynamic, external, and potentially untrusted sources such as mcp__perplexity__search and WebSearch. These retrieved instructions are then passed to the Bash tool for execution, creating a direct vector for Remote Code Execution if the external content is compromised.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform system-level operations, including package detection via npm list -g, environment checks with command -v, and the execution of installation/update scripts retrieved at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from external sources, including documentation maps from code.claude.com and results from third-party search engines. These downloads are used to determine which commands the agent should execute.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection (Category 8). Ingestion points: Untrusted data enters the agent context via mcp__perplexity__search, WebSearch, and external Skill calls as defined in SKILL.md. Boundary markers: Absent. There are no delimiters or instructions to ignore embedded malicious prompts within the fetched data. Capability inventory: The skill utilizes Bash for subprocess execution and WebFetch for network reads. Sanitization: Absent. The skill does not validate, escape, or sanitize the commands retrieved from the web before presentation or execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 2, 2026, 04:48 AM