creating-agent-skills

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like mkdir, cat, ls, and chmod +x to manage the local filesystem for skill development. The verify-skill.md workflow specifically executes which and {tool} --version commands based on identifiers extracted from audited skills.
  • [PROMPT_INJECTION]: The auditing and verification components in audit-skill.md and verify-skill.md read and interpret content from external skill files. This creates an indirect prompt injection surface where a malicious skill could include crafted strings in metadata to influence the agent or exploit command execution in the auditor.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing third-party Python and Node.js packages, such as pypdf, pdfplumber, and docx-js, to facilitate domain-specific operations.
  • [CREDENTIALS_UNSAFE]: The api-security.md reference provides protocols for accessing credentials stored in ~/.claude/.env. While it teaches secure management using wrapper scripts to source variables locally, it establishes a workflow that interacts with a sensitive local credential storage path.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 08:19 AM