claude-config
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill documentation targets sensitive configuration and credential files. Evidence: SKILL.md identifies sensitive paths like '~/Library/Application Support/Claude/claude_desktop_config.json' and '.env'. EXAMPLES.md provides templates for managing sensitive 'POSTGRES_CONNECTION_STRING' and 'API_KEY' variables.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill promotes the execution of unverified remote code through package managers. Evidence: workflows.md and EXAMPLES.md recommend using 'npx -y', 'npm install -g', and 'uv run' for various servers without integrity checks. SKILL.md allows 'extraKnownMarketplaces' to be defined via arbitrary Git URLs.
- [Indirect Prompt Injection] (HIGH): The skill has a large attack surface for indirect injection via project-controlled data. Ingestion points: Reads configuration from '.claude/settings.json', '.claude-plugin/marketplace.json', and '.env'. Boundary markers: Absent. Capability inventory: High-privilege actions including writing to global application config files and executing shell commands via npm/uv/npx. Sanitization: Absent. Content from project files is directly used to configure the agent's execution environment.
- [Privilege Escalation] (MEDIUM): Includes instructions to modify application-level security settings. Evidence: troubleshooting.md provides commands to enable Chrome DevTools by modifying 'developer_settings.json', potentially reducing the security posture of the host application.
Recommendations
- AI detected serious security threats
Audit Metadata