using-toolkit
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs extremely forceful and absolute language to override the agent's decision-making process and mandate tool usage. Phrases such as "ABSOLUTELY MUST", "not negotiable", "not optional", and "You cannot rationalize your way out of this" are classic injection patterns designed to force compliance and bypass the agent's internal reasoning or safety filters regarding tool appropriateness.
- [EXTERNAL_DOWNLOADS]: The skill provides explicit instructions for the agent to find and install third-party code from arbitrary external sources. The command `npx skills add <owner/repo@skill> -g -y` facilitates downloading packages from potentially untrusted GitHub repositories or other sources.
- [COMMAND_EXECUTION]: The skill directs the agent to use CLI tools (`npx skills find` and `npx skills add`) to modify its own execution environment by adding new capabilities.
- [REMOTE_CODE_EXECUTION]: By instructing the agent to use `npx skills add` with the `-y` (auto-confirm) and `-g` (global) flags, the skill creates a path for the automated installation and execution of unverified remote code. This can lead to the introduction of malicious logic into the agent's environment without user review.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface in the 'Find Missing Skills' section. It encourages the agent to search for skills based on queries and then install them. Maliciously crafted metadata in third-party skill search results could influence the agent to install harmful packages or execute unintended commands.
Recommendations
- AI detected serious security threats
Audit Metadata