The Agent Skills Directory

COMMAND_EXECUTION (HIGH): The 'Verification Scripts' section mandates the execution of 14 different Python scripts located in subdirectories of ~/.claude/skills/.
Evidence: Commands such as python ~/.claude/skills/vulnerability-scanner/scripts/security_scan.py . and python ~/.claude/skills/testing-patterns/scripts/test_runner.py . are listed as mandatory steps.
Risk: The skill assumes the presence of external, unverified code. Executing scripts from these paths allows for arbitrary code execution with the agent's privileges if those files are malicious or compromised.
PROMPT_INJECTION (LOW): The skill instructs the agent to 'Fix it, don't explain' and 'Just write code', which discourages transparency.
Evidence: The 'AI Coding Style' section explicitly states 'Fix it, don't explain' when a user reports a bug.
Risk: This instruction can be leveraged to perform stealthy malicious edits to source code, as the agent is directed to bypass the typical behavior of explaining its reasoning or the nature of its changes to the user.
PROMPT_INJECTION (LOW): Vulnerability surface for Indirect Prompt Injection.
Ingestion points: The skill uses 'Read' and 'Edit' tools to process local project files (e.g., UserService.ts).
Boundary markers: Absent; the instructions do not specify any delimiters to separate untrusted file content from the agent's instructions.
Capability inventory: Includes file system access (Read, Write, Edit) and shell execution via python scripts.
Sanitization: Absent; the skill does not require validation or filtering of the code it reads before processing.

clean-code