prompt-improver

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a shell command using node.js in Step 3: node .scripts/improve-prompt.cjs "$PROMPT" "$FEEDBACK" "$TARGET_MODEL" "$SYSTEM". Passing user-controlled variables ($PROMPT, $FEEDBACK, etc.) directly into a shell command line is a high-risk pattern that can lead to command injection if the underlying shell or agent execution environment does not properly sanitize these arguments.
  • [PROMPT_INJECTION]: The skill provides a surface for prompt injection through its core functionality. It takes untrusted user input, transforms it using an LLM (Step 3), and then executes the resulting text as a new prompt (Step 4). In the default 'quick' mode, the improved prompt is executed silently without the user ever seeing it, meaning a malicious input could trick the 'improver' LLM into generating a prompt that performs unauthorized actions without user oversight.
  • [REMOTE_CODE_EXECUTION]: The skill relies on an external script .scripts/improve-prompt.cjs which is not contained within the provided SKILL.md. Execution of local scripts whose contents are not verified or distributed with the skill manifest represents a supply chain risk.
  • [DATA_EXFILTRATION]: The skill processes the ANTHROPIC_API_KEY from the environment. While the described use (calling the Anthropic API) is intended functionality, the presence of environment variable access combined with the ability to execute arbitrary commands creates a path for credential theft if the skill is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 30, 2026, 01:26 AM
Security Audit — agent-trust-hub — prompt-improver