skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches research data and prior art from GitHub repositories (e.g., VoltAgent/awesome-agent-skills) and arXiv to inform the design of new skills. These operations target well-known and trusted sources, and the skill implements a mandatory security gate to scan downloaded content for malicious patterns, size limits, and binary integrity before processing.
  • [COMMAND_EXECUTION]: The skill executes various system commands to support its development workflows, including code formatting (pnpm format, prettier), syntax verification (node --check), and MCP server management. These executions are implemented using secure patterns, such as spawnSync with shell:false, and are essential for its primary function as an orchestration and development tool.
  • [PROMPT_INJECTION]: The instructions define a comprehensive defensive layer called the 'Security Review Gate'. This gate mandates a scan of all incoming data for prompt injection signatures, such as 'ignore previous instructions' or 'act as if', and automatically rejects any content that triggers these flags rather than incorporating it.
  • [REMOTE_CODE_EXECUTION]: The conversion workflow allows the agent to transform MCP servers from npm, PyPI, and Docker into native skills. While this involves executing third-party code, the functionality is transparently documented as the skill's primary purpose and is managed within the project's security context using state-tracking hooks (active-creators.json) and specific package verification steps.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 8, 2026, 03:31 PM