agentic-skeleton-dir-structure

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to download and execute code from an external repository. This is central to the skill's purpose, and the repository (buildermethods/agent-os) appears to be associated with the author's organization, but it still means cloning a repository and running a setup script locally; unless the clone is pinned to a specific commit or tag, the code that runs is whatever the repository contains at install time rather than what was reviewed at audit time. Evidence: SKILL.md (Step 5) and references/agent-os-guide.md (Section 3) instruct the user to git clone the Agent-OS repository and execute the project-install.sh script.
  • [COMMAND_EXECUTION]: The skill generates and executes bash commands using variables derived directly from user input, without explicit validation or sanitization. Because the cited commands double-quote the variables, word splitting and glob expansion are suppressed, so the immediate risk is argument injection (a value beginning with - is parsed by mkdir as an option) and path traversal (a value containing .. places the scaffold outside the intended project root); it escalates to full command injection if any of these values is reused in an unquoted or eval'd context. Evidence: SKILL.md (Step 2) uses variables like PROJECT_ROOT, REPO_PATTERN, and IAC_TOOL in shell commands such as mkdir -p "$PROJECT_ROOT/...".
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests untrusted user data and has significant system capabilities. Evidence chain:
    1. Ingestion points: user responses to the interactive scaffolding questions (Step 0).
    2. Boundary markers: absent for user-provided strings.
    3. Capability inventory: Read, Write, Edit, Bash, Glob, Grep.
    4. Sanitization: absent.
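The COMMAND_EXECUTION finding above is easiest to see in code. The following is an added example written for this audit page; it is not the skill's own SKILL.md logic. It keeps the variable names the finding cites (PROJECT_ROOT, REPO_PATTERN, IAC_TOOL) but the directory layout, the allow-lists (monorepo/polyrepo, terraform/pulumi) and the function names are assumptions. It shows the unvalidated mkdir pattern next to a hardened form that rejects option-looking and traversing values, constrains the two enumerated inputs to fixed choices, and passes -- so that nothing user-supplied can be parsed as an option.

```shell
#!/usr/bin/env bash
# Added example, not code from the agentic-skeleton-dir-structure skill.
# Variable names follow the audit finding; layout and allow-lists are assumed.

# PROJECT_ROOT must be a plain relative or absolute path: no leading '-'
# (mkdir would read it as an option), no '..' (escapes the intended root),
# and nothing outside a conservative character set.
validate_project_root() {
  local root="$1"
  case "$root" in
    ''|-*)               return 1 ;;   # empty, or would be parsed as an option
    *'..'*)              return 1 ;;   # path traversal component
    *[!A-Za-z0-9._/-]*)  return 1 ;;   # shell metacharacters, spaces, etc.
  esac
  return 0
}

# REPO_PATTERN and IAC_TOOL are enumerations, so compare against an
# allow-list instead of trying to sanitize free text.
validate_choice() {
  local value="$1"; shift
  local allowed
  for allowed in "$@"; do
    [ "$value" = "$allowed" ] && return 0
  done
  return 1
}

# Computes the directories the scaffold would create. Returns 1 and prints
# nothing if any input fails validation, so callers can check before mkdir.
scaffold_dirs() {
  local project_root="$1" repo_pattern="$2" iac_tool="$3"
  validate_project_root "$project_root" || return 1
  validate_choice "$repo_pattern" monorepo polyrepo || return 1
  validate_choice "$iac_tool" terraform pulumi || return 1
  printf '%s\n' \
    "$project_root/.agent-os" \
    "$project_root/infra/$iac_tool" \
    "$project_root/docs/$repo_pattern"
}

# The pattern the audit describes: quoted, so no word splitting, but a
# PROJECT_ROOT of "-p" or "../../etc" still changes what mkdir does.
scaffold_unsafe() {
  mkdir -p "$1/.agent-os" "$1/infra/$3" "$1/docs/$2"
}

# Hardened form: validate first, then terminate option parsing with --.
scaffold_safe() {
  local dirs d
  dirs=$(scaffold_dirs "$1" "$2" "$3") || return 1
  printf '%s\n' "$dirs" | while IFS= read -r d; do
    mkdir -p -- "$d" || return 1
  done
}
```

Run scaffold_safe "$PROJECT_ROOT" "$REPO_PATTERN" "$IAC_TOOL" in place of the bare mkdir; the validation functions return non-zero without side effects, so the scaffold never partially creates a layout from a rejected input.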
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 04:52 AM