agent-cli-toolkit

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation instruction for the "Vite+" (vp) tool: curl -fsSL https://vite.plus | bash. This pattern of piping a remote script directly into a shell interpreter is a high-risk practice because it executes unverified code from an external server with the user's local privileges.
  • [EXTERNAL_DOWNLOADS]: The skill relies on x-cmd for environment management (x env use ...) and recommends installing the gh-llm extension via gh extension install ShigureLab/gh-llm. These operations download and execute code from third-party repositories and registries that are not among the trusted sources.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of various CLI tools that can run arbitrary code or modify the file system, such as bun (JavaScript/TypeScript execution), uv (Python environment management), and vp run <script> (executing scripts defined in a project's package.json).
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process data from external, untrusted sources.
    • Ingestion points: The skill reads GitHub PRs, issues, and action logs via gh and gh-llm, and fetches arbitrary HTTP API responses via httpie (SKILL.md).
    • Boundary markers: There are no instructions or patterns provided to delimit untrusted content or warn the agent to ignore instructions embedded within the processed data.
    • Capability inventory: The skill has access to tools that can install software (x, gh extension), execute scripts (bun, uv, vp), and perform bulk text replacement in local files (sd) (SKILL.md).
    • Sanitization: No sanitization, validation, or escaping of external content is specified before the data is processed or used in downstream tasks.
Recommendations
  • HIGH: Downloads and executes remote code from: https://vite.plus - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 22, 2026, 04:57 AM