skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely on the local file system to manage project scaffolding. No network requests, external downloads, or attempts to access sensitive system files were found.
  • [COMMAND_EXECUTION]: The init_skill.py script uses Path.chmod to set executable permissions (0o755) on generated template scripts. This is a standard functional requirement for developer tools and does not represent an escalation of privileges.
  • [PROMPT_INJECTION]: This skill presents an attack surface for indirect prompt injection because it parses user-created SKILL.md files.
      • Ingestion points: Metadata and body content of SKILL.md via quick_validate.py.
      • Boundary markers: None specified for input files.
      • Capability inventory: File system write access (directory/file creation) and ZIP archival.
      • Sanitization: The skill utilizes yaml.safe_load() to prevent arbitrary code execution during frontmatter parsing and applies regex-based normalization to skill names.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:15 AM