The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill utilizes WebFetch and WebSearch to ingest data from external sources. This creates an attack surface where untrusted content could potentially contain instructions meant to influence the agent's behavior. The risk is rated as LOW because the skill lacks critical capabilities such as file writing or command execution.
Ingestion points: Untrusted data enters via WebFetch and WebSearch tool outputs.
Boundary markers: The skill does not implement delimiters or explicit instructions to distinguish between documentation and potentially malicious embedded instructions.
Capability inventory: Tools are limited to Glob, Grep, Read, WebFetch, and WebSearch. No write or execute permissions are granted.
Sanitization: No sanitization of retrieved web content is performed.
Data Exposure & Exfiltration (INFO): The WebFetch tool allows the agent to communicate with external domains. Analysis of the skill's logic shows it is intended for documentation lookup (specifically targeting trusted sources like Anthropic's documentation), and no patterns for accessing or exfiltrating sensitive local files (like SSH keys or environment variables) were detected.

claude-code-guide