skillbox-quickstart
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's instructions describe a process to download and execute a shell script from a remote URL (https://raw.githubusercontent.com/build000r/skillbox/main/install.sh) using the "curl | bash" pattern. This occurs during the provisioning phase if the tool is not already installed.
- [COMMAND_EXECUTION]: The "scripts/scan_environment.py" script uses the subprocess module to execute multiple system commands, such as "git remote get-url" and various tool version checks, to assess the user's local environment and tool status.
- [DATA_EXFILTRATION]: The skill performs an extensive scan of the user's local filesystem, searching for repositories in common directories such as "/repos" and "/projects" to a depth of three levels. It also accesses "~/.claude/settings.json" and checks for the presence of sensitive environment variables like "SKILLBOX_DO_TOKEN" and "DO_API_TOKEN", exposing environment metadata to the agent.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes metadata from local projects (e.g., package.json scripts and repository names) without sanitization.
  - Ingestion points: Filesystem metadata and package.json content processed by "scripts/scan_environment.py".
  - Boundary markers: None identified in instructions or scripts.
  - Capability inventory: Execution of shell commands, remote script installers, and container provisioning.
  - Sanitization: Lacks validation or escaping for project-derived strings before they are interpolated into generated configurations or command-line arguments.
Audit Metadata