system-create-skill

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including mkdir, cp, find, grep, tree, and test to perform file system operations and audit skill structures. These commands are primarily located in workflows/create-skill.md, workflows/validate-skill.md, and workflows/canonicalize-skill.md for tasks such as creating directory structures, backing up existing skills, and counting files for validation.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. In workflows/create-skill.md (Step 2), it ingests untrusted user input for skill names, descriptions, and activation triggers. These inputs are subsequently interpolated into markdown templates and saved as new files in the ${PAI_DIR}/skills/ directory. No sanitization or validation routines are mentioned that would prevent a user from providing malicious instructions that are persisted and then executed when the agent interacts with the created skill.
      • Ingestion points: User input collected during Step 2 of the creation workflow (workflows/create-skill.md).
      • Boundary markers: Absent; user content is placed directly into markdown templates without delimiters or warnings against embedded instructions.
      • Capability inventory: The skill has file-write capabilities via the agent's ability to create and modify .md files in the skills directory, and it can execute shell commands for directory and file management.
      • Sanitization: Absent; the workflow does not describe any escaping or filtering of user-provided content before writing it to the filesystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:40 AM