The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Write and Bash tools to create executable agent instructions in sensitive filesystem locations. It explicitly guides the creation of prompts that grant agents broad capabilities including shell access.- [DATA_EXFILTRATION]: The skill utilizes WebSearch and WebFetch tools to transmit technology stack details and architecture descriptions provided by the user to external services and third-party websites.- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and technical content from external URLs to serve as the foundational logic for generating agent system prompts.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the web and user architecture descriptions and interpolates it into persistent system prompts. * Ingestion points: WebSearch results, WebFetch content, and user architecture descriptions. * Boundary markers: Absent; generated prompts are free-form markdown without isolation from ingested data. * Capability inventory: Generated agents are explicitly granted high-privilege tools such as Bash, Read, and Write. * Sanitization: Absent; external content is processed and incorporated without validation.
[COMMAND_EXECUTION]: Persistence mechanism detected: The skill writes persistent configuration files to the global user directory (~/.claude/agents/), which modifies the AI agent's behavior globally across all projects on the host machine.

spawn