find-skills-wzr-999

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the npx skills command-line tool to perform skill discovery, search, and installation tasks as documented in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: It facilitates downloading agent skills from external sources, such as GitHub repositories, through the npx skills add command.
  • [REMOTE_CODE_EXECUTION]: The installation process for external skills via the CLI involves downloading and executing code from third-party repositories, which is the primary purpose of this tool.
  • [PROMPT_INJECTION]: The skill processes and displays external skill metadata retrieved from the registry, serving as an indirect prompt injection surface.
      * Ingestion points: Skill names, descriptions, and metadata returned by the npx skills find command (SKILL.md).
      * Boundary markers: No specific delimiters or instructions are provided to the agent to treat search results as untrusted.
      * Capability inventory: The skill has command execution capabilities via npx as outlined in SKILL.md.
      * Sanitization: There is no evidence of sanitization or validation of the external content before it is processed or presented.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:50 PM