agent-teams-playbook
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation script (`scripts/install.sh`) fetches the `SKILL.md` and `README.md` files from a remote GitHub repository (`KimYx0207/agent-teams-playbook`) that is not listed as a trusted vendor. This repository is controlled by an individual rather than a known organization.
- [REMOTE_CODE_EXECUTION]: The skill logic in `SKILL.md` (Stage 1, Step 2) directs the agent to search for and install external skills using the command `npx skills add <owner/repo@skill-name> -g -y`. This pattern allows for the dynamic download and execution of arbitrary code from third-party sources encountered during the skill discovery process.
- [COMMAND_EXECUTION]: The `scripts/install.sh` script performs several local system operations, including creating directories (`mkdir -p`), removing existing directories (`rm -rf`), and setting file permissions (`chmod +x`). While common for installation scripts, these actions should be reviewed if coming from an untrusted source.
- [PROMPT_INJECTION]: The skill uses strong terminology such as "铁律" (Iron Law) and "硬性标准" (Hard Standards) to enforce its own internal logic and workflow. While used here for orchestration consistency, such patterns can sometimes be used to prioritize skill-specific instructions over general agent safety guidelines.
Audit Metadata