skill-forge

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses two local scripts, scripts/init_skill.py and scripts/package_skill.py, to automate the creation of file structures and the generation of .skill archives. These scripts perform standard file I/O and zip operations within the designated project directories.
  • [SAFE]: The skill implements 'Iron Laws' and 'Confirmation Gates' as defensive prompting techniques. These keep the model focused on its primary task and force it to pause for user approval before performing significant or generative actions.
  • [SAFE]: The scripts/quick_validate.py tool uses yaml.safe_load() to parse skill metadata, which only constructs plain scalars, lists and mappings and so prevents YAML-based remote code execution and deserialization attacks that rely on object-constructing tags.
  • [SAFE]: Indirect prompt injection surface analysis: the ingestion point is the user requirements provided in Step 1. While explicit boundary markers are absent, the workflow includes a human-in-the-loop validation step (Step 7: Review) and mandatory 'Pre-Delivery Checklists' to mitigate the risk of malicious instructions being incorporated into generated skills.
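The yaml.safe_load() finding above is the one concrete code-level control in this audit. The following is an added illustration, not code from skill-forge or from the Trust Hub analysis: it contrasts yaml.safe_load() with yaml.load() under PyYAML's UnsafeLoader on a constructed metadata document. The metadata layout (a mapping with name/description/version keys) is assumed, and the python/object/apply tag invokes builtins.len so the demonstration is harmless; an attacker would name os.system or subprocess.check_output instead. Requires PyYAML.

```python
"""Added example: why yaml.safe_load() matters for skill metadata parsing.

Assumes PyYAML is installed (pip install pyyaml). The metadata shape and the
helper names below are illustrative assumptions, not the project's own code.
"""
import yaml

# Constructed sample: benign skill metadata in the assumed mapping layout.
BENIGN = """\
name: skill-forge
description: Builds and packages agent skills
version: 1.0.0
"""

# Constructed sample: a document carrying a python/object/apply tag. An unsafe
# loader resolves the named callable and invokes it with the given arguments.
# builtins.len is used so this is harmless to run; the technique is identical
# for os.system or any other importable callable.
MALICIOUS = """\
name: skill-forge
payload: !!python/object/apply:builtins.len [[1, 2, 3]]
"""


def load_metadata_safely(text):
    """Parse metadata with yaml.safe_load, which knows only the core YAML
    types and raises ConstructorError on python/* tags.

    Returns (True, mapping) on success or (False, reason) on rejection.
    """
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:  # ConstructorError is a YAMLError subclass
        return False, f"rejected: {exc.__class__.__name__}"
    # safe_load stops object construction; schema checks are still our job.
    if not isinstance(data, dict) or "name" not in data:
        return False, "rejected: metadata must be a mapping with a 'name' key"
    return True, data


def load_metadata_unsafely(text):
    """What NOT to do: yaml.load with UnsafeLoader honours python/* tags and
    calls whatever the document names. Shown only to make the contrast visible."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


if __name__ == "__main__":
    print(load_metadata_safely(BENIGN))       # (True, {...})
    print(load_metadata_safely(MALICIOUS))    # (False, 'rejected: ConstructorError')
    print(load_metadata_unsafely(MALICIOUS))  # {'name': 'skill-forge', 'payload': 3}
```

The safe loader refuses the tagged document outright, whereas the unsafe loader quietly executes the callable and returns its result as ordinary data. Note that safe_load only closes the object-construction vector; the isinstance/key checks in load_metadata_safely stand in for the schema validation a validator still has to do itself.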
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 06:21 AM