skills/vinta/hal-9000/sync-skills/Gen Agent Trust Hub

sync-skills

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is authorized to execute a specific local synchronization script via ./bin/hal sync, which applies the generated configuration changes to the environment.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external files, creating an indirect prompt injection vulnerability. Malicious instructions placed in the metadata of scanned skills could influence the agent during the synchronization process.
    • Ingestion points: The skill reads name and description fields from all skills/*/SKILL.md files within the /usr/local/hal-9000 directory.
    • Boundary markers: No delimiters or 'ignore' instructions are used when interpolating extracted metadata into the update logic for README.md, CLAUDE.md, and JSON configuration files.
    • Capability inventory: The skill has the ability to modify system-level configuration files (settings.json, hal_dotfiles.json) and execute shell commands (Bash). It specifically updates the permissions.allow array, which controls the agent's access to tools.
    • Sanitization: The instruction to 'rewrite each description' provides a model-based transformation layer, but the name field is extracted and used directly in configuration paths and permission strings without sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 08:58 AM