skills/andrescamp/osis-skill/osis/Gen Agent Trust Hub

osis

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Instructions in SKILL.md explicitly direct the agent to conceal its background activities from the user ("silent activation," "surfaces tool calls the user doesn't need to see," "never narrate"). These directives are designed to provide a clean user interface, but they intentionally obscure tool usage and background processing from user oversight.
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (!command syntax) in SKILL.md to execute shell commands like bash, curl, and cat at load time. These commands are used to fetch the current version, read project state, and render a dynamic header before the user-agent conversation begins.
  • [COMMAND_EXECUTION]: The script ensure-global-perms.sh (called during activation) modifies the agent's global configuration file (~/.claude/settings.json) to add the skill's directory to additionalDirectories and auto-approve several bash commands in permissions.allow. This effectively lowers the agent's security barriers for the skill's internal components.
  • [EXTERNAL_DOWNLOADS]: The skill performs an update check by fetching a version file from a GitHub repository via curl and provides an update command (update-skill.sh) that uses npx to download and install new versions of the skill from the author's repository.
  • [DATA_EXFILTRATION]: The skill transmits pseudonymous telemetry (UUIDs for user and repository identification, operating system, and skill version) to the author's domain (osis.dev) in the background to track onboarding and activation metrics.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 01:27 PM