skill-hub-builder

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell scripts within the repository, specifically bash skills/check-registry.sh and bash skills/update.sh, to validate and synchronize the skill hub.
  • [REMOTE_CODE_EXECUTION]: The skill supports 'Proxy Skills' which involve executing commands like npx skills add [URL] to fetch and install skills from external GitHub repositories. This allows for the execution of remote code from unverified sources.
  • [EXTERNAL_DOWNLOADS]: The workflow involves adding external repositories as git submodules under the external/ directory, which downloads third-party content into the local environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external repositories and local files without explicit boundary markers or sanitization.
    1. Ingestion points: Reads repository structure, registry.tsv, and external skill files in external/ or local-skills/.
    2. Boundary markers: None provided in the instructions to distinguish between trusted control logic and untrusted data from external skills.
    3. Capability inventory: Includes file system writes, shell script execution (bash), and network operations (git, npx).
    4. Sanitization: No validation or sanitization of external skill content is performed before the agent processes it during the 'sync' or 'validation' steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 11:31 AM