skill-writer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation references local shell commands such as `just lint-skills` and `just update-readme` for skill maintenance and validation. It also documents an experimental `allowed-tools` frontmatter field for authorizing specific tool calls like `Bash` or `Read` within the agent environment.
- [EXTERNAL_DOWNLOADS]: The skill describes a pattern for referencing external repositories for skill updates. Example repositories cited, such as `vercel/ai`, belong to well-known and trusted organizations.
- [PROMPT_INJECTION]: The skill includes comprehensive design rules to prevent 'shortcut' behavior where the agent might ignore core instructions. It enforces that the description field must describe only triggering conditions. Analysis of the attack surface for managing other skills: Ingestion points: local skill directory files; Boundary markers: Markdown headers and YAML frontmatter; Capability inventory: suggested use of `just` and `allowed-tools`; Sanitization: instructional constraints and linter-based validation rules.
- [CREDENTIALS_UNSAFE]: Guidelines instruct users to use placeholders for generic skills and avoid hardcoding sensitive information. No actual credentials, API keys, or secrets were found in the skill content.
Audit Metadata