claude-skill-management

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates and instructions for generating shell scripts dynamically, using sed to substitute placeholders with project-specific values. If those values come from untrusted input, sed metacharacters or shell syntax in them alter the sed expression or the generated script itself, giving command injection at generation or execution time. The skill also instructs the agent or user to modify shell startup files (~/.zshrc, ~/.bashrc) to persist the $CLAUDE_METADATA environment variable, a change that affects every future shell session.
  • [EXTERNAL_DOWNLOADS]: The skill encourages 'adopting' external commands from arbitrary GitHub repositories, with instructions to fetch repository trees and file contents through the GitHub CLI (gh api) and decode them from base64. The workflow includes no verification step, so unverified third-party code is ingested directly into the local environment.
  • [PROMPT_INJECTION]: The skill contains strict behavioral overrides forbidding the agent from performing any git operations, even when the user explicitly requests them. Although intended as a control, this is an instruction-level override of the agent's default capabilities. The workflow for reading and adapting external repository content also creates an indirect prompt-injection surface: instructions embedded in a fetched repository (in code comments, READMEs or file names) could steer the agent's subsequent actions during the adaptation process.
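The command-injection pattern in the first finding, shown as an added example that is not part of the audited skill: a shell-script template rendered with sed, once with the value spliced in verbatim and once behind an allow-list and shell quoting. The template, the placeholder name `__PROJECT__` and the hostile value are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the audited skill's code): sed-based rendering of a shell
# script becomes command injection when the substituted value is untrusted.

# Constructed template; the skill's real templates use project-specific placeholders.
TEMPLATE='#!/bin/sh
PROJECT=__PROJECT__
echo "building $PROJECT"
'

# Vulnerable rendering: the value lands verbatim in the sed expression and,
# unquoted, in the generated script, so shell syntax in it becomes code.
render_unsafe() {
    printf '%s' "$TEMPLATE" | sed "s/__PROJECT__/$1/"
}

# Hardened rendering:
#  1. reject anything that is not a plain identifier (allow-list), which also
#     keeps sed metacharacters (/ & \ and newline) out of the expression;
#  2. write the value as a single-quoted shell literal so the generated script
#     cannot be re-parsed into additional commands.
render_safe() {
    case "$1" in
        *[!A-Za-z0-9_.-]*|"") return 1 ;;
    esac
    printf '%s' "$TEMPLATE" | sed "s/__PROJECT__/'$1'/"
}

# Demo with a constructed hostile value: the unsafe render executes the injected
# command when the generated script runs; the safe render refuses the value.
PAYLOAD='myapp; echo INJECTED'
render_unsafe "$PAYLOAD" | sh
render_safe "$PAYLOAD" || echo "rejected: $PAYLOAD"
render_safe my-app | sh
```

Rejecting the value is preferable to escaping it: sed has no quoting mechanism, so `/`, `&`, `\` and newlines each change the meaning of the expression, and a value that survives sed intact is still shell source once it is written into the script.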
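For the second finding, an added example (not the skill's own instructions) of a check a practitioner would put in front of the adoption step: pin the fetched ref to a full commit SHA and verify that the decoded content hashes to the blob SHA the contents API reports. The `fetch_blob` wrapper needs network access and `gh` authentication and is shown only for illustration; the base64 sample and its expected blob SHA are constructed (`hello` followed by a newline).

```sh
#!/bin/sh
# Added example (not the audited skill's code): verify a file fetched through
# the GitHub contents API before it is reviewed, copied or executed.

sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then sha1sum | cut -d' ' -f1
    else shasum -a 1 | cut -d' ' -f1; fi
}

# Git's blob object id is sha1("blob <size>\0<content>"); recomputing it from
# the decoded bytes catches a truncated or tampered decode.
git_blob_sha() {
    f="$1"
    size=$(wc -c < "$f" | tr -d ' ')
    { printf 'blob %d\000' "$size"; cat "$f"; } | sha1_hex
}

# Decode the API's base64 "content" field into $3 and succeed only if the
# result matches the blob SHA ($2) the API returned alongside it.
verify_blob() {
    b64="$1"; expected="$2"; out="$3"
    printf '%s' "$b64" | base64 -d > "$out" || return 1
    actual=$(git_blob_sha "$out")
    [ "$actual" = "$expected" ]
}

# Untested illustration of the fetch step. $3 must be a full commit SHA, not a
# branch name, so the bytes reviewed are the bytes later adopted.
fetch_blob() {
    # prints "<blob sha>" on the first line and the base64 content after it
    gh api "repos/$1/contents/$2?ref=$3" --jq '.sha, .content'
}

# Demo with constructed data: "hello\n" base64-encoded and its known blob SHA.
tmp=$(mktemp)
if verify_blob aGVsbG8K ce013625030ba8dba906f756967f9e9ca394464a "$tmp"; then
    echo "blob verified"
fi
rm -f "$tmp"
```

The check only proves that the bytes on disk are what GitHub holds at that commit; it says nothing about whether the code is trustworthy. Review still has to happen, and it should cover comments, READMEs and file names as well as code, since all of that reaches the agent as text during adaptation.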
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 09:02 AM