skills/ssiumha/dots/agent-creator/Gen Agent Trust Hub

agent-creator

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses Bash and Write tools to create and modify markdown files in the ~/.claude/agents/ directory. These files act as persistent system prompts that define the behavior and tool access for the AI agent globally.
  • [PROMPT_INJECTION] (LOW): The skill exposes a surface for indirect prompt injection.
      1. Ingestion points: User requirements for sub-agent purpose, role, and triggers gathered via AskUserQuestion.
      2. Boundary markers: Absent; user input is directly interpolated into a markdown template.
      3. Capability inventory: The generated sub-agents are capable of using Bash, Write, Edit, WebFetch, and WebSearch.
      4. Sanitization: Absent; there is no validation or escaping of user input before it is written into the sub-agent's definition.
  • [PRIVILEGE_ESCALATION] (MEDIUM): The skill documentation encourages the use of permissionMode: bypassPermissions. Sub-agents configured with this mode and dangerous tools like Bash can execute commands without the standard user confirmation prompt, which could be exploited to perform autonomous destructive actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 03:27 PM