validator-setup

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: In Step 11 the skill instructs the agent to stage and commit '.claude/settings.local.json' to the git repository. Evidence: SKILL.md states 'Stage all new/modified files: ... .claude/settings.local.json'. Risk: the '.local' suffix marks this file as a per-machine override that is normally kept out of version control, and it frequently holds local-only configuration, environment variables, or authentication tokens. Committing it pushes that material into the repository history, where it can leak credentials to anyone with read access.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run several shell commands, including 'agent-validate validate', file renames to create backups, and git commits.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests untrusted data from project manifest files and uses it to decide its configuration logic.
    1. Ingestion points: files such as 'package.json', 'Cargo.toml', and 'go.mod' are read in Steps 3 and 5.
    2. Boundary markers: absent; the skill neither delimits the file contents nor instructs the agent to ignore instructions embedded in them.
    3. Capability inventory: the skill can execute shell commands ('agent-validate'), write files, and edit existing configurations, so an injected instruction could reach these capabilities.
    4. Sanitization: the only mitigation is Step 6, where the skill presents a summary of its findings to the user and requires explicit confirmation before applying changes.
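A pre-commit guard for the DATA_EXFILTRATION finding, added here as an example; it is not part of the audited skill or of the Trust Hub report. It assumes POSIX sh and git, and the path patterns ('.claude/settings.local.json', '*.local.json') and the credential-looking key names it greps for are assumptions chosen to illustrate the check, not an exhaustive secret scanner.

```shell
#!/bin/sh
# Added example, not code from the audited skill or the audit report.
# Pre-commit guard: refuse to commit local-only settings files and block a
# commit when a staged JSON file carries credential-looking keys.
# The path patterns and key names below are assumptions for illustration.

# Returns 0 when the path names a local-only settings file (assumed patterns).
is_local_settings_file() {
    case "$1" in
        .claude/settings.local.json|*/.claude/settings.local.json) return 0 ;;
        *.local.json) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads one path per line on stdin; reports each offender on stderr and
# returns 1 if any local-only settings file is present, 0 otherwise.
check_staged_paths() {
    bad=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if is_local_settings_file "$path"; then
            echo "blocked: $path is local-only; run: git restore --staged \"$path\"" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Reads file content on stdin; returns 0 when a JSON key looks like a
# credential (heuristic key names, an assumption; not an exhaustive scanner).
has_credential_keys() {
    grep -Eiq '"[a-z0-9_-]*(token|secret|api[_-]?key|password)[a-z0-9_-]*"[[:space:]]*:'
}

# Install as .git/hooks/pre-commit: inspects the index (what will be committed),
# not the working tree, so it also catches files staged by an agent.
check_index() {
    staged=$(git diff --cached --name-only --diff-filter=ACMR)
    printf '%s\n' "$staged" | check_staged_paths || return 1
    printf '%s\n' "$staged" | while IFS= read -r f; do
        case "$f" in
            *.json)
                if git show ":$f" | has_credential_keys; then
                    echo "blocked: $f contains a credential-looking key" >&2
                    return 1
                fi ;;
        esac
    done
}

# Demo on constructed input (no git repository needed): sh guard.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' src/main.go .claude/settings.local.json package.json | check_staged_paths
    echo "exit status: $?"
fi
```

The guard reads the index rather than the working tree because the skill stages files itself; checking what is actually about to be committed is the only point where an agent-driven 'git add' can still be stopped. Adding '.claude/settings.local.json' to '.gitignore' is the cheaper first line of defence, but it does not help once the file has already been force-added, which is why the hook checks paths explicitly.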
Recommendations
  • The automated analysis found serious security threats; see the Full Analysis above for the evidence behind each finding.
Audit Metadata
Risk Level
HIGH
Analyzed
May 17, 2026, 12:25 AM