claude-agent-sdk

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The templates/custom-mcp-server.ts file defines a custom tool named calculate that uses the eval() function to process input. This input is generated by the AI agent based on user prompts, which can be manipulated to execute arbitrary JavaScript code within the execution environment.
  • [COMMAND_EXECUTION]: Several templates, including templates/multi-agent-workflow.ts and templates/subagents-orchestration.ts, enable and demonstrate the use of the Bash tool. This provides the agent with the capability to execute shell commands. The safety logic provided in templates/multi-agent-workflow.ts uses a simple blacklist to block 'dangerous' commands, which is insufficient to prevent advanced command injection or bypasses.
  • [COMMAND_EXECUTION]: The documentation and templates (references/permissions-guide.md, templates/permission-control.ts) provide examples of using permissionMode: "bypassPermissions". This mode disables user-in-the-loop confirmations for sensitive operations, allowing the agent to write files and execute commands autonomously without oversight.
  • [PROMPT_INJECTION]: The skill facilitates the creation of agents that ingest untrusted data and have access to powerful system tools, creating a significant surface for indirect prompt injection.
    ◦ Ingestion points: External data processed via tools (e.g., weather API results) and user prompts in templates/custom-mcp-server.ts and templates/multi-agent-workflow.ts.
    ◦ Boundary markers: None are implemented in the provided prompt templates to distinguish between instructions and untrusted data.
    ◦ Capability inventory: The agents have access to Bash, Write, Edit, and the custom eval-based calculate tool.
    ◦ Sanitization: No input sanitization is provided; the implementation relies on Zod schema validation, which does not filter for malicious instruction payloads.
  • [SAFE]: The skill correctly recommends and uses official packages from the @anthropic-ai organization, which is an established and trusted source.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 02:28 PM