universal-skills-manager

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation includes a workaround for installation that directs users to pipe a remote shell script from a non-trusted GitHub repository (jacob-bd) directly to the system shell (curl -fsSL https://raw.githubusercontent.com/jacob-bd/universal-skills-manager/main/install.sh | sh). This pattern allows for arbitrary code execution on the user's machine without prior inspection.
  • [CREDENTIALS_UNSAFE]: The skill facilitates the creation of a config.json file containing the user's SKILLSMP_API_KEY in plain text. It further encourages embedding this file into a ZIP archive for transfer to cloud platforms, which poses a high risk of credential exposure and theft.
  • [EXTERNAL_DOWNLOADS]: The skill connects to several third-party domains (skillsmp.com, skills.palebluedot.live, clawhub.ai) to fetch skill metadata and raw file content. These domains are not part of the trusted vendor or organization lists, introducing a supply chain risk.
  • [COMMAND_EXECUTION]: The skill utilizes bash and python3 to execute multiple local scripts (install_skill.py, validate_frontmatter.py, scan_skill.py) and manage file operations across various system directories (~/.claude, ~/.gemini, ~/.config/opencode). This broad level of access increases the impact of any potential compromise.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by downloading and installing SKILL.md files from community-managed hubs. Although the skill mentions a security scanner (scan_skill.py), it lacks formal boundary markers or sanitization to prevent malicious instructions embedded in the ingested skills from overriding agent behavior.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/jacob-bd/universal-skills-manager/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 27, 2026, 05:30 PM