claude-code-guide

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill describes workflows for processing and analyzing external files (e.g., using grep, wc, and Read). This introduces a surface for indirect prompt injection where malicious content in an analyzed file could attempt to hijack the agent's behavior.
    • Ingestion points: File reading tools (Read), and structural analysis via grep and wc on user-provided files.
    • Boundary markers: Absent; the templates do not specify the use of delimiters or 'ignore' instructions for external content.
    • Capability inventory: The skill assumes access to Bash, Edit, Write, and a JavaScript REPL environment.
    • Sanitization: No content sanitization or validation logic is provided for external file data.
  • [COMMAND_EXECUTION] (LOW): The documentation provides instructions on how to implement 'Hooks' (e.g., tool-pre-use) and MCP (Model Context Protocol) servers. These features enable the execution of arbitrary shell commands and external binaries, which could lead to malicious persistence or privilege escalation if a user adopts malicious configurations.
  • [Metadata Poisoning] (LOW): The skill documentation repeatedly references a README.md file that is 9,594 lines long. Excessively large files are a common tactic for hiding malicious instructions, or for exploiting context window limitations to inject hidden behaviors that are difficult for humans to audit.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 05:45 AM