find-skills

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides logic for the agent to interpolate raw user input directly into a shell command string (SKILLSMP_KEY=$(echo "..." | tr -d '\r\n')). This pattern is highly susceptible to command injection if a user provides a string containing shell metacharacters like backticks, semicolons, or subshell syntax.
  • [COMMAND_EXECUTION]: The skill promotes the use of npx skills add with both the -g (global installation) and -y (bypass confirmation) flags for packages found via skillsmp.com. Since skillsmp.com is an untrusted third-party source, this workflow could be exploited to silently install malicious code with elevated impact on the user's system.
  • [DATA_EXFILTRATION]: The skill instructions specifically target the reading and writing of ~/.claude/settings.json. This file is a sensitive configuration store for the agent environment and may contain other environment variables or security settings.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated network requests to https://skillsmp.com to fetch data. This domain is not a recognized trusted service or organization, and the retrieved content is used to determine subsequent code execution (installation commands).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted metadata (skill names and descriptions) from external APIs and processes this data to decide on installation actions. A lack of boundary markers or sanitization means malicious descriptions could influence the agent's decision-making process.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 03:14 AM