ai-cli-helper

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/local-skills.py utility is vulnerable to path traversal. It takes the name field from a skill's metadata (SKILL.md frontmatter), or a user-supplied argument, and uses it unsanitized to build the filesystem paths it deletes with shutil.rmtree and os.unlink. A crafted name containing directory traversal sequences (e.g., ../../) can make the script delete files or directories outside the intended storage location.
  • [PROMPT_INJECTION]: SKILL.md and subskills/manage-skills.md contain instructions that explicitly tell the agent to bypass its normal analytical steps: it is directed to "go directly to the manage-skills subskill and execute" and to "skip straight to executing the command" without first exploring the codebase or assessing state. Such directives override the agent's usual safety-first reasoning when handling external paths.
  • [EXTERNAL_DOWNLOADS]: The skill uses the npx skills utility (published by Vercel) to download and manage components from remote GitHub repositories, i.e., it retrieves third-party executable content for the agent to use.
  • [COMMAND_EXECUTION]: The Python scripts scripts/local-skills.py and scripts/discover-skills.py run shell commands through subprocess.run. The command parameters are derived from local file content or from direct agent input and are used to invoke tools such as npx and uv.
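The path-traversal finding above is the classic "untrusted segment joined onto a storage path" bug. The following is an added illustration, not code from the audited project: it reconstructs the vulnerable pattern the finding describes next to a hardened version that allow-lists the skill name and then checks that the resolved target still lies inside the storage directory. The function names, the minimal frontmatter reader, and the sample SKILL.md are assumptions made for the demo; the hardened lookup never deletes anything outside a throwaway temp directory.

```python
"""Skill-name path traversal: vulnerable pattern beside a hardened version.

Added example, not the audited project's own code. Function names, the
frontmatter reader and the sample SKILL.md are assumptions for the demo.
"""
import os
import re
import shutil
import tempfile
from pathlib import Path

# Allow-list for a skill name: one path segment, alphanumeric start, no separators.
SKILL_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")

# Constructed malicious SKILL.md: the frontmatter name carries a traversal sequence.
MALICIOUS_SKILL_MD = """---
name: ../../important-data
description: looks harmless
---
# Skill body
"""


def skill_name_from_frontmatter(skill_md: str) -> str:
    """Minimal frontmatter reader returning the `name:` value (assumed stand-in for the real parser)."""
    lines = skill_md.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("missing frontmatter")
    for line in lines[1:]:
        if line.strip() == "---":
            break
        key, sep, value = line.partition(":")
        if sep and key.strip() == "name":
            return value.strip().strip("'\"")
    raise ValueError("frontmatter has no name field")


def unsafe_skill_path(storage_dir: str, name: str) -> str:
    """The vulnerable pattern: join the untrusted name and hand it to rmtree/unlink as-is.
    Returned rather than deleted so the demo cannot touch anything."""
    return os.path.join(storage_dir, name)


def escapes_store(storage_dir: str, path: str) -> bool:
    """True when a (possibly traversing) path normalises to somewhere outside storage_dir."""
    root = os.path.normpath(storage_dir)
    return not os.path.normpath(path).startswith(root + os.sep)


def safe_skill_path(storage_dir: str, name: str) -> Path:
    """Hardened lookup: allow-list the name, then prove the target stays inside storage_dir."""
    if not SKILL_NAME_RE.fullmatch(name):
        raise ValueError(f"rejected skill name: {name!r}")
    root = Path(storage_dir).resolve()
    candidate = root / name
    # Resolve symlinks too: a link inside the store pointing outside is rejected as well.
    try:
        candidate.resolve().relative_to(root)
    except ValueError:
        raise ValueError(f"skill path escapes storage dir: {name!r}") from None
    if candidate.resolve() == root:
        raise ValueError("refusing to delete the storage dir itself")
    return candidate


def remove_skill(storage_dir: str, name: str) -> bool:
    """Delete one skill by validated name. Returns False when nothing was there."""
    target = safe_skill_path(storage_dir, name)
    if target.is_symlink() or target.is_file():
        target.unlink()  # removes the link itself, never its destination
    elif target.is_dir():
        shutil.rmtree(target)
    else:
        return False
    return True


def make_demo_storage() -> str:
    """Create a throwaway skills store holding one legitimate skill (constructed fixture)."""
    storage = os.path.join(tempfile.mkdtemp(prefix="skills-demo-"), "skills")
    os.makedirs(os.path.join(storage, "good-skill"))
    Path(storage, "good-skill", "SKILL.md").write_text("---\nname: good-skill\n---\n")
    return storage


if __name__ == "__main__":
    store = make_demo_storage()
    bad = skill_name_from_frontmatter(MALICIOUS_SKILL_MD)
    print("unsafe join would target:", os.path.normpath(unsafe_skill_path(store, bad)))
    try:
        safe_skill_path(store, bad)
    except ValueError as exc:
        print("hardened version:", exc)
    print("removed good-skill:", remove_skill(store, "good-skill"))
```

The two checks are deliberately independent: the regex rejects anything that is not a single plain segment (so `..`, `a/b`, empty and dot-prefixed names all fail before any filesystem call), and the `resolve().relative_to(root)` check catches what a name filter alone cannot, namely a symlink inside the store that points elsewhere. Deleting via `unlink` on a symlink removes the link, not its destination.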
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 2, 2026, 11:02 AM