The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill is designed to copy executable shell scripts (.sh) and JavaScript files (.js) from external vendor plugin directories or node_modules into the project's local directory. These scripts are subsequently executed as part of the project's development workflow.\n- [COMMAND_EXECUTION]: The installation process involves using the Bash tool to grant execution permissions (chmod +x) to newly installed scripts in the .claude/hooks/ directory, preparing them for automated execution.\n- [COMMAND_EXECUTION]: The skill establishes persistence by modifying .claude/settings.json to register hooks that trigger command execution on specific agent lifecycle events, including PreToolUse (triggered by Edit/Write tools), PostToolUse, and SessionStart. This ensures that vendor scripts run automatically in the background across different sessions.\n- [COMMAND_EXECUTION]: The skill ingests untrusted data from multiple project manifest files (e.g., package.json, pyproject.toml, go.mod) to dynamically detect environments and determine configuration values. This represents an attack surface for indirect prompt injection where malicious content in these files could influence the generated configuration or script installation paths.

project-setup