docs-management

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: SKILL.md uses strong imperative language ('MANDATORY', 'ABSOLUTE PROHIBITION', 'CRITICAL') to enforce a 'Hybrid Parallel Pattern', compelling the agent to spawn specific subagents with pre-defined prompts and overriding default behavior. It also exposes a surface for indirect prompt injection from scraped documentation content: ingestion occurs in scripts/core/scrape_all_sources.py, local files carry no boundary markers, the scripts use Bash, Edit and Write capabilities, and sanitization relies on markdownify with no instruction filtering.
  • [REMOTE_CODE_EXECUTION]: The skill includes scripts and instructions, such as setup_dependencies.py and documentation in SKILL.md, that perform runtime package installation via pip install and suggest system-level commands like sudo apt install.
  • [EXTERNAL_DOWNLOADS]: The skill automates the scraping of documentation from external domains like anthropic.com and code.claude.com using the requests library. While these are well-known services, the scale and automation of the process increase the potential risk surface.
  • [COMMAND_EXECUTION]: The skill relies on orchestrating over 30 local Python and shell scripts via the Bash tool for critical functions like index management, scraping orchestration, and search.
  • [DATA_EXFILTRATION]: The skill requires broad Bash and filesystem access. The combination of network capability and file system write/read permissions for managing local documentation creates a potential surface for data exfiltration.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 22, 2026, 10:40 PM