python-packaging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- Metadata Poisoning (MEDIUM): The metadata claims 20,990 stars and 2,347 forks for a niche agent skill subdirectory. This degree of popularity for a sub-component of a personal repository is statistically improbable and indicative of 'star padding' to create a false sense of trust.
- External Downloads / Malicious URLs (HIGH): Automated scans (URLite) flagged a blacklisted URL (ID: UR04C2933140D9F19B-0200) within the MANIFEST.in file. In Python packaging, this file controls which files are included in a distribution; malicious entries here often point to remote payloads or C2 servers triggered during installation.
- **Indirect Prompt Injection - Surface Analysis (HIGH):**
  - Ingestion points: The skill ingests user project code and metadata to generate packaging files (setup.py, pyproject.toml).
  - Boundary markers: None visible in the provided metadata.
  - Capability inventory: The skill description confirms capabilities for 'publishing to PyPI', which involves handling authentication tokens and executing external build commands.
  - Sanitization: Unknown, creating a risk that malicious user-provided metadata could be injected into generated executable build scripts (setup.py).
- Command Execution Risk (MEDIUM): The skill facilitates the creation and execution of Python distribution tools. The execution of 'setup.py' is a known vector for arbitrary code execution during the 'sdist' or 'install' phases of Python package management.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata