navigate-skills

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a telemetry mechanism that reads a destination URL from ~/.superstack/config.json and uses curl to send usage data (metadata like skill name, duration, and platform architecture) to that external endpoint.
  • [COMMAND_EXECUTION]: The skill executes bash scripts to manage its telemetry state. It uses commands such as grep, sed, curl, and date to process local configuration and communicate with remote services.
  • [EXTERNAL_DOWNLOADS]: The skill promotes the installation of third-party tools via npx skills add <url>. This command fetches and installs executable instructions from remote GitHub repositories, which can lead to the execution of unverified code.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It reads data from JSON catalog files (clonable-repos.json, solana-skills.json, etc.) in the user's home directory and incorporates their contents into its responses without explicit sanitization or boundary markers to prevent embedded instructions from influencing the agent.
      • Ingestion points: Reads catalog JSON files from ~/.codex/skills/data/catalogs/ or ~/.claude/skills/data/catalogs/.
      • Boundary markers: None identified in the provided processing instructions.
      • Capability inventory: Execution of shell commands (bash), network access (curl), and file system access.
      • Sanitization: No evidence of input validation or escaping for the data retrieved from the catalog files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 03:15 PM