skf-create-skill

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell command templates in references/extraction-patterns.md that interpolate user-supplied configuration from the skill-brief.yaml file (such as {pattern}, {language}, and {path}) directly into bash pipelines for tool execution. This lack of sanitization allows for shell command injection.
  • [REMOTE_CODE_EXECUTION]: The {exclude_patterns} variable, sourced from the user-controlled skill-brief.yaml file, is directly interpolated into a Python script executed via python3 -c in the 'CLI Streaming Fallback' section of references/extraction-patterns.md. A malicious brief can exploit this to escape the Python list structure and execute arbitrary code on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external GitHub repositories and arbitrary documentation URLs using git, gh, and various web fetching utilities as part of its core functionality in step-03-extract.md, step-03b-fetch-temporal.md, and step-03c-fetch-docs.md.
  • [DATA_EXFILTRATION]: The tool is designed to read and process sensitive project metadata, including issues and pull requests, from private or public GitHub repositories. If the agent has access to credentials (e.g., via the gh CLI), this could lead to the unintended exposure of private development information.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from source code files, code comments, and external documentation URLs. This content is processed by the agent to generate instructions for the output SKILL.md. Maliciously crafted input data could be used to perform indirect prompt injection, potentially influencing the behavior of the resulting skill artifacts.
  • [DYNAMIC_EXECUTION]: The skill dynamically generates and executes Python scripts using python3 -c to perform data filtering and processing on extraction results, creating a runtime execution path for generated code.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 19, 2026, 05:05 PM
Security Audit — agent-trust-hub — skf-create-skill