agent-sona-learning-optimizer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • Remote Code Execution (MEDIUM): The skill uses npx claude-flow@alpha in its hooks. npx downloads and executes code from the npm registry at runtime. The package claude-flow is not from a trusted organization, and the @alpha tag suggests unverified/unstable code.
  • Command Execution (MEDIUM): The hooks demonstrate shell commands that interpolate variables like $TASK and $ID. If these variables contain unsanitized input from a user or external source, it could lead to arbitrary command execution on the host system.
  • External Downloads (MEDIUM): References the external packages @ruvector/sona@0.1.1 and claude-flow@alpha, neither of which originates from the defined list of trusted sources.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: The $TASK variable in the pre-task hook is an entry point for untrusted data.
      • Boundary markers: Absent. The variable is interpolated directly into a shell command without delimiters.
      • Capability inventory: Shell execution via npx and network access for package fetching.
      • Sanitization: Absent. No escaping or validation of the $TASK input is performed before execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:10 PM