The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill pulls updates from a remote Git repository (https://github.com/SAS-Asset-Management/SASAMClaudeCodeSkills) and automatically executes a registration script (register-commands.sh) contained within the downloaded content after a successful merge.
[COMMAND_EXECUTION]: The skill executes multiple local shell scripts and system binaries to manage the update process.
Evidence: Executed scripts include ./register-commands.sh and ./generate-manifest.sh in SKILL.md.
Evidence: Uses system utilities such as git, curl, jq, shasum, and rsync for file operations and network requests.
[EXTERNAL_DOWNLOADS]: Fetches remote version tracking and documentation files from external sources.
Evidence: Downloads VERSION and CHANGELOG.md from raw.githubusercontent.com.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting and displaying unsanitized remote data.
Ingestion points: Remote CHANGELOG.md content is fetched via curl and echoed directly to the agent in SKILL.md.
Boundary markers: No delimiters or "ignore instructions" markers are used when presenting external content.
Capability inventory: The skill has high-privilege capabilities including file system modification, network access, and script execution (git pull, rsync, bash).
Sanitization: No sanitization or filtering is applied to the remote changelog text before it is processed by the agent.

sasam-update