hook-authoring

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Static analysis identified the fork bomb pattern :(){ :|:& };: in SKILL.md, modules/sdk-callbacks.md, and modules/performance-guidelines.md. Technical review confirms these are provided as defensive code examples for blocklists in validation hooks. They are presented as strings for comparison, not as commands for execution.
  • [PROMPT_INJECTION]: The skill documents 'Context Injection Hooks' (in modules/sdk-callbacks.md and modules/hook-types.md) that allow project files like README.md or CONVENTIONS.md to be prepended to user prompts. While this introduces a potential indirect prompt injection surface, it is a primary feature of the hook system being documented. The skill mitigates this by providing guidance on validation, testing, and sanitization patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 07:37 AM