command-development

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • Educational Content and Scripting Utilities: The skill includes several bash scripts within its reference documentation (e.g., references/testing-strategies.md). These scripts are designed to assist developers in validating command structure, frontmatter syntax, and performance. Patterns such as file creation with dd and cleanup with rm are used appropriately for local testing and do not represent a security risk within this context.
  • Shell Execution Documentation: The skill extensively documents the use of bash execution syntax (!) and the allowed-tools configuration. It provides best practices for restricting tool access (e.g., using Bash(git:*) instead of Bash(*)) and demonstrates how to gather system context securely. This documentation is intended to help developers build context-aware commands responsibly.
  • Input Interpolation Patterns: The skill describes how to use dynamic arguments ($1, $ARGUMENTS) and file references (@). While these patterns create a surface for processing external data, the skill includes a dedicated section on 'Validation Patterns' that teaches developers how to sanitize inputs and verify resource existence to mitigate risks like command injection or indirect prompt injection.
  • Interactivity and User Engagement: The documentation covers the AskUserQuestion tool, providing patterns for gathering structured user input. This facilitates interactive workflows and reduces reliance on free-form text, which can improve the overall security and predictability of custom commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:20 PM