The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses shell commands like mkdir -p .github/skills/<skill-name> and cp with user-provided variables. There is no explicit requirement for the agent to sanitize the <skill-name> input, which could lead to command injection if a user provides a malicious string containing shell metacharacters.- [PROMPT_INJECTION]: The skill contains 'Hard Rules' and 'Best Practices' directing the agent to 'Minimize Maintainer approvals' by batching commands. This instruction encourages the creation of skills that bypass or reduce the frequency of human-in-the-loop security checks (terminal command approvals), potentially allowing risky operations to be obfuscated within larger command batches.- [PROMPT_INJECTION]: The skill implements a template interpolation pattern where user-provided 'Skill Name', 'Description', and 'Purpose' are inserted directly into a new SKILL.md file. This creates an indirect prompt injection surface as there are no boundary markers or sanitization steps to prevent a user from providing malicious instructions that would then be treated as 'Hard Rules' or 'Purpose' by the agent when the new skill is loaded.

create-agent-skill