
install-skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes unzip -o to extract archives from the dist/ directory. The -o (overwrite) flag is dangerous as it permits an untrusted archive to overwrite existing project files, including sensitive configurations or source code, without user intervention.
  • [PROMPT_INJECTION] (HIGH): This skill exhibits a significant Indirect Prompt Injection surface (Category 8) by processing untrusted external data and using it to modify project state.
      • Ingestion points: The skill reads the content of SKILL.md (specifically YAML frontmatter) from extracted .skill archives.
      • Boundary markers: Absent. There are no delimiters or validation steps to ensure the extracted metadata is safe or follows a strict schema before being used.
      • Capability inventory: The skill has the capability to write to the file system (unzip), modify project configuration (marketplace.json), and update documentation (README.md).
      • Sanitization: Absent. The skill blindly extracts descriptions, names, and categories from the untrusted file and interpolates them into JSON objects and Markdown tables.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill's documentation update phase (Phase 5) generates links to download-directory.github.io. While this is a known utility, it encourages the download of content from external sources into the project environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:55 AM