auto-update-plugins

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill establishes a persistence mechanism by creating a SessionStart hook (.agents/hooks/session_start.sh) and instructing the agent to register it in settings (e.g., .claude/settings.json). This ensures that the synchronization script, which downloads and installs code from remote GitHub repositories, runs automatically every time the agent starts.
  • [COMMAND_EXECUTION]: The script scripts/check_and_sync.py uses subprocess.run to execute plugin_add.py. The execution includes the -y flag, which explicitly bypasses user confirmation prompts, allowing for silent installation of remote software.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to the GitHub API (api.github.com) to monitor remote repositories for changes. It relies on a configuration file (plugin-sources.json) which, if present in a project being analyzed by the agent, could lead to the unintended installation of malicious code from arbitrary repositories.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the plugin-sources.json file. An attacker who can commit this file to a repository the agent works on can control which code is automatically downloaded and executed on the user's machine.
  • Ingestion points: Reads repository sources from plugin-sources.json at the project root.
  • Boundary markers: None; the script processes the JSON contents directly.
  • Capability inventory: Uses subprocess.run to execute installation scripts and urllib.request to communicate with external APIs.
  • Sanitization: No validation of the GitHub repository owner or repository name is performed before passing them to the execution script.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 3, 2026, 06:08 PM