The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill documentation specifies the use of Python 3.7+ scripts to automate the creation of skill directories and packaging processes. This involves local execution of scripts on the host system.
[DATA_EXFILTRATION] (LOW): The skill integrates with Slack via Rube to share skill metadata and summaries. While described as a notification feature, this mechanism could be misused to transmit sensitive file information or system metadata to external Slack workspaces.
[PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted user input to generate executable skill structures.
Ingestion points: User-provided skill names and descriptions are used to populate SKILL.md and generate directory paths.
Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are documented for the input processing.
Capability inventory: Includes file system write access (directory/file creation), zip archiving, and network transmission (Slack API via Rube).
Sanitization: There is no evidence of sanitization or validation to prevent malicious instructions from being embedded in the generated skill metadata or used to manipulate file paths.

knowledge-distribution