The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is designed to execute shell commands automatically via the 'npx claude-flow' CLI. These commands are used to perform pre- and post-operation tasks such as syntax validation, code formatting, and agent coordination.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'claude-flow' package from the npm registry, a well-known service. It also utilizes 'npx' to execute hook commands, which may involve downloading vendor-specific resources at runtime.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it interpolates untrusted data into hook commands.
Ingestion points: Task descriptions in the 'pre-task' hook and command strings in the 'pre-bash' hook are ingested via the '${tool.params.task}' and '${tool.params.command}' variables in the settings configuration.
Boundary markers: No explicit delimiters or boundary markers are observed in the hook configuration strings to separate data from instructions.
Capability inventory: The skill has the capability to execute arbitrary shell commands (via hooks), write to the file system (backups and formatting), and interact with network-connected MCP servers.
Sanitization: There is no evidence of sanitization or escaping of the interpolated parameters within the provided configuration files.

Hooks Automation