The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute an installation script directly from the vendor's public GitHub repository using a piped-to-bash pattern. This is a common installation method for developer tools but carries inherent risks of executing remote code.
Evidence: curl -fsSL https://raw.githubusercontent.com/alibaba/skill-up/main/install.sh | bash in SKILL.md (Step 0).
[COMMAND_EXECUTION]: The skill performs shell operations to verify the environment, check for existing API keys, and run the evaluation tool. It also generates and writes executable grading scripts (Python/Shell) based on user-provided templates.
Evidence: Execution of command -v skill-up, skill-up run, and printenv | grep -E 'ANTHROPIC_API_KEY|OPENAI_API_KEY|QODER_PERSONAL_ACCESS_TOKEN' in SKILL.md.
Evidence: Logic for generating script_path and grading scripts described in references/judge-types.md and evals/cases/scaffold-with-script-judge.yaml.
[PROMPT_INJECTION]: The skill processes untrusted local data (such as the target skill's SKILL.md or existing eval.yaml files) to scaffold new test cases. This creates an indirect prompt injection surface where malicious content in a project file could influence the agent's behavior during the scaffolding process.
Ingestion points: Reads local project files including SKILL.md and the evals/ directory to understand skill capabilities (Step 1 in SKILL.md).
Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are used when interpolating file content into generation prompts.
Capability inventory: The agent has capabilities to execute shell commands via the skill-up CLI, read/write files, and access environment variables.
Sanitization: No explicit sanitization or validation of the ingested file contents is mentioned before they are used to generate test prompts.

skill-upper