CreateCLI

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill generates and manages code that accesses sensitive configuration files on the local file system, such as ~/.claude/.env and ~/.opencode/.env, to retrieve API keys for use in generated API client CLIs.
  • [COMMAND_EXECUTION]: The workflow involves executing shell commands to set executable permissions (chmod +x) on newly created files and running the generated TypeScript scripts via the Bun runtime for validation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-provided strings, such as command names, descriptions, and purpose, directly into generated source code without implementing explicit sanitization or boundary markers.
      • Ingestion points: User requirement extraction in Workflows/CreateCli.md (Step 1).
      • Boundary markers: None present in the templates used for code generation.
      • Capability inventory: The skill has the ability to write files, modify permissions, and execute generated code.
      • Sanitization: No input validation or escaping mechanisms are described for user-provided data.
  • [EXTERNAL_DOWNLOADS]: Fetches the commander package from the public npm registry using bun add during the CLI tier upgrade process.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:38 AM