The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses sensitive configuration and rule files within the user's home directory, specifically targeting paths such as $HOME/.claude and $HOME/dotfiles/claude-code/rules/. This access is utilized to synchronize routing tables and agent settings with the local environment.
[COMMAND_EXECUTION]: The skill employs powerful tools including Bash, Write, and Edit to manage agent definitions. It is designed to create, modify, and delete files in the agents/ directory and update configuration files to reflect changes in the agent roster.
[PROMPT_INJECTION]: The skill provides an indirect prompt injection surface through its scaffolding functionality. It ingests user-provided domain descriptions and metadata to populate agent templates, which could allow malicious instructions to be embedded in newly created agents.
Ingestion points: Processes user-supplied strings for agent names, descriptions, and domain-specific logic in INSTRUCTIONS.md and AGENT-TEMPLATE.md.
Boundary markers: Uses Markdown code blocks and YAML frontmatter as structural delimiters for the generated agent files.
Capability inventory: The skill has permissions to write to the filesystem and execute shell commands via the Bash tool, allowing it to persist and potentially execute generated content.
Sanitization: No explicit sanitization or strict validation of the input strings is performed before they are interpolated into the system prompts of the generated agents.

authoring-agents