The Agent Skills Directory

[UNVERIFIABLE_DEPENDENCIES_RCE]: The skill provides instructions to install the skill-dl CLI utility by piping a remote shell script directly into a bash shell with elevated privileges: curl -fsSL https://raw.githubusercontent.com/yigitkonur/cli-skill-downloader/main/install.sh | sudo bash. This is a high-risk pattern that bypasses package integrity verification. Furthermore, the skill distributes a pre-compiled binary scripts/skill-dl-darwin-arm64 which is executed directly during the research workflow.
[PRIVILEGE_ESCALATION]: The use of sudo in the tool installation command grants root-level access to an external script from an untrusted personal GitHub repository, posing a risk of full system compromise if the repository or the delivery channel is compromised.
[INDIRECT_PROMPT_INJECTION]: The skill's primary research workflow involves downloading and reading SKILL.md files from external sources like playbooks.com and GitHub. These files are untrusted and can contain malicious instructions designed to hijack the agent's logic when they are ingested into the context during the synthesis phase.
Ingestion points: Files downloaded via skill-dl into the ./skill-research-corpus directory or similar local paths.
Boundary markers: None identified; the skill reads downloaded files directly to extract patterns without using isolation delimiters or safety instructions.
Capability inventory: The skill environment permits arbitrary shell command execution, network access, and file system modifications.
Sanitization: No validation or sanitization is performed on the downloaded markdown content before it is processed by the LLM.
[EXTERNAL_DOWNLOADS]: The skill uses skill-dl to clone and download content from various third-party repositories, bringing unverified code and documentation into the local workspace environment.

build-skills