agent-dev-backend-api

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's hooks (pre_execution, post_execution, and on_error) frequently execute npx claude-flow@alpha. This command downloads and runs a package from the NPM registry at runtime. The dependency is pinned to an 'alpha' version and does not originate from a well-known or trusted organization.
  • [COMMAND_EXECUTION]: The shell scripts defined in the lifecycle hooks interpolate variables such as $TASK, $TASK_CONTEXT, and $TASK_OUTPUT directly into commands (e.g., npx claude-flow@alpha memory search-patterns "API implementation: $TASK"). If these variables contain shell metacharacters or unsanitized, user-provided task descriptions, the interpolation could lead to arbitrary command execution within the agent's environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill incorporates a self-learning loop that fetches data from an external 'ReasoningBank' using the claude-flow utility.
    • Ingestion points: Data enters the context via the searchPatterns method and the outputs of the npx commands in the SKILL.md hooks.
    • Boundary markers: No clear boundary markers, and no instructions to ignore instructions embedded in retrieved patterns, are present.
    • Capability inventory: The skill possesses high-privilege tools including Bash, Write, and Edit, allowing it to modify the codebase or execute system commands.
    • Sanitization: There is no evidence of sanitization or validation of the 'successful' patterns retrieved from the external database before they are presented to the agent's reasoning process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 04:32 PM