The Agent Skills Directory

[COMMAND_EXECUTION]: Uses npx skillkit@latest to perform search, installation, and lifecycle management of skills through the command line.
[EXTERNAL_DOWNLOADS]: Downloads skill data and scripts from GitHub repositories. The skill provides shortcuts for official collections from trusted organizations such as Anthropic, Vercel, Supabase, and Stripe.
[REMOTE_CODE_EXECUTION]: The core functionality involves installing and potentially running code from external repositories. While it promotes several verified and well-known repositories, the install command accepts arbitrary owner/repo inputs, enabling the execution of untrusted third-party scripts.
[PROMPT_INJECTION]: The skill processes user-provided strings for searching and repository selection, creating a surface for indirect prompt injection. • Ingestion points: User input for search queries and repository identifiers in SKILL.md. • Boundary markers: None. User-supplied content is directly interpolated into commands without delimiters. • Capability inventory: Full command execution via npx, network access, and file system modification across multiple scripts. • Sanitization: The instructions do not specify any validation or sanitization steps for the user-provided inputs.

find-skills