content-writer

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation script scripts/install-dependencies.sh clones the repository https://github.com/AgriciDaniel/claude-seo and immediately executes bash install.sh found within that repository. This pattern of downloading and executing arbitrary code from untrusted third-party sources is a high-severity security risk.
  • [EXTERNAL_DOWNLOADS]: The skill automatically downloads two external skills (claude-seo and humanizer) from non-trusted GitHub accounts during the post-installation phase without user verification of the source code.
  • [COMMAND_EXECUTION]: The scripts/postinstall.js and SKILL.md instructions utilize execSync and shell commands (e.g., npm install -g, npm view) to manage updates and dependencies. Running global installations programmatically can lead to privilege escalation or system instability depending on the environment permissions.
  • [PROMPT_INJECTION]: The skill features a 'URL Scanning' workflow (Phase 1 and Phase 2) that fetches content from arbitrary external URLs using read_url_content. The instructions lack explicit boundary markers or sanitization steps when processing this external data, making the agent vulnerable to indirect prompt injection where instructions embedded in a webpage could override the skill's intended behavior.
  • [COMMAND_EXECUTION]: The update system described in SKILL.md instructs the agent to run npm view and npm install automatically, which involves executing shell commands based on external registry data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 3, 2026, 06:05 AM