
skill-forge

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform workspace discovery, directory traversal, and complex file management logic as part of its internal workflow.
  • [REMOTE_CODE_EXECUTION]: Step 4.2 involves a script validation phase where the agent executes a 'smoke test' (--help) on scripts synthesized from untrusted web content. Executing code derived from external sources, even with restricted flags, presents a risk of exploiting argument parsing vulnerabilities or unintended side effects in the generated logic.
  • [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection as it ingests and processes data from web searches and third-party skills to synthesize new instructions.
  • Ingestion points: Untrusted data enters the context via WebSearch, WebFetch, and by reading existing third-party SKILL.md files from the local filesystem.
  • Boundary markers: The instructions mandate wrapping untrusted inputs (topic and task_context) in tags to distinguish data from instructions.
  • Capability inventory: The skill uses Bash (command execution), Write (file creation), and Agent (dispatching subagents) across its scripts.
  • Sanitization: Mitigations include the use of an external-content-sanitizer, a description-injection guard, a portability check to remove sensitive project/agent names from output, and a mandatory multi-cycle self-review loop.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 02:32 PM
Security Audit — agent-trust-hub — skill-forge