rust-skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and API references from established services including docs.rs and doc.rust-lang.org.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations and directory creation using variables such as {crate_name} and {module}. The absence of explicit sanitization for these user-provided inputs creates a surface for potential command injection if the agent environment does not properly handle variable interpolation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the documentation it processes.
      • Ingestion points: Content is retrieved from external, potentially user-controlled documentation sites (docs.rs) via tools like agent-browser or WebFetch.
      • Boundary markers: The generated skill templates do not include delimiters or instructions to ignore embedded commands within the fetched content.
      • Capability inventory: The skill possesses capabilities to write to the local file system (~/.claude/skills/) and execute shell commands.
      • Sanitization: There are no verification or sanitization steps provided for the external content before it is used to generate new skill configurations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 11:06 PM