cc4d-00-getting-started
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to sign up for 'https://agentation.dev'. This domain is not listed in the Trusted External Sources (e.g., GitHub, Vercel, Anthropics), posing a risk of directing non-technical users to an unverified platform.
- COMMAND_EXECUTION (MEDIUM): The instructions explicitly state: 'If something needs to be installed, handle it yourself rather than asking the user to run commands.' This encourages the agent to execute installation commands like 'npm install' or 'pip install' autonomously. This bypasses the security layer of user review, which is critical when a skill might pull in malicious dependencies.
- COMMAND_EXECUTION (LOW): The skill utilizes system commands 'open' (macOS) and 'xdg-open' (Linux) to launch the browser to external URLs and open locally created HTML files. While functional, it represents a local execution capability that could be abused if combined with malicious URLs.
- INDIRECT PROMPT INJECTION (MEDIUM): The skill creates and updates a 'CLAUDE.md' file used for 'memory'. This file is read in subsequent sessions. If an attacker manages to influence the content of this file (e.g., through a project the user is working on), they could inject instructions that the agent would follow in future sessions due to the 'action first, explanation second' behavioral rule.
Audit Metadata