oneskill

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawnSync to execute the openskills CLI tool and perform build operations. Evidence is found in src/core/openskills.ts (running npm run build), src/commands/sync.ts, and src/commands/list.ts (executing the openskills binary with arguments).
  • [EXTERNAL_DOWNLOADS]: The skill fetches skill metadata and search results from an external registry. Evidence in src/core/registry.ts shows fetch calls to https://skillsdirectory.com/api/registry. The registry URL can be overridden via the ONESKILL_REGISTRY_URL environment variable, which could lead to fetching data from malicious sources.
  • [REMOTE_CODE_EXECUTION]: The skill provides a workflow for the discovery and installation of external code ('Agent Skills'). It provides instructions for the agent to execute npx openskills install <source>, which downloads and executes arbitrary code from GitHub or a registry. Evidence is found in the SKILL.md and README.md workflow definitions.
  • [DATA_EXFILTRATION]: The skill accesses and discloses internal directory structures to the agent context. The doctor command in src/commands/doctor.ts prints absolute paths for sensitive configuration directories such as .claude/skills, .gemini/skills, and .agent/skills to the agent's output.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the external registry data.
    Ingestion points: Ingests skill names, descriptions, and tags from skillsdirectory.com in src/core/registry.ts.
    Boundary markers: No delimiters or safety warnings are used when presenting registry data to the agent.
    Capability inventory: The skill has the ability to execute commands via spawnSync and modify the filesystem via symlinks.
    Sanitization: Registry data is extracted and returned to the agent without validation or escaping in the normalizeSkill function.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 12:39 AM