context-engineering-collection

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM (findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script examples/interleaved-thinking/examples/03_full_optimization.py implements a calculator tool using the eval() function on user-supplied strings. While it attempts to use a restricted global environment, this remains a high-risk code injection vector.
  • [COMMAND_EXECUTION]: The shell script examples/digital-brain-skill/scripts/install.sh performs filesystem operations, including directory creation and moving files into the user's local .claude/skills directory, which modifies the agent's execution environment.
  • [COMMAND_EXECUTION]: Reference implementations in skills/hosted-agents/references/infrastructure-patterns.md demonstrate using os.system to execute git commands populated with user-supplied identity strings (name/email), presenting a potential command injection surface if the inputs are not strictly validated.
  • [EXTERNAL_DOWNLOADS]: Root documentation and individual skill files (e.g., README.md, skills/filesystem-context/SKILL.md) provide instructions to download external content using curl from raw.githubusercontent.com for manual installation of skills.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 15, 2026, 05:42 AM