devtools-hub-installer

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to download and run a compiled binary installer (DevTools Hub Setup 1.2.0.exe) from a personal GitHub repository (lszdeveloping/devtoolshub). Downloads from unverified third-party repositories carry high risk as the contents cannot be easily audited.
  • [COMMAND_EXECUTION]: The application requires full Administrator permissions (UAC elevation) to perform its core functions. It modifies Machine-level environment variables (PATH) and the Windows Registry (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment), which are sensitive system-wide configurations.
  • [REMOTE_CODE_EXECUTION]: The skill provides templates and scripts that use PowerShell's Invoke-WebRequest to fetch executables from remote URLs (e.g., https://example.com/newtool-installer.exe) and execute them silently (Start-Process ... -ArgumentList "/S"). This pattern allows for the arbitrary installation of software with elevated privileges.
  • [COMMAND_EXECUTION]: The documentation instructs users to lower their system's security posture by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned, which allows the execution of local and downloaded scripts that might otherwise be blocked by system security policies.
  • [COMMAND_EXECUTION]: The skill's architecture involves an Electron application that spawns elevated child processes (execElevated) to run PowerShell scripts, a powerful capability that could be abused if the script logic or tool metadata is tampered with.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 17, 2026, 11:24 PM