admin-interface-rules

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE

Findings flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The 'Memory Protocol' section in SKILL.md instructs the agent to execute the shell command `cat .claude/context/memory/learnings.md` to load state. Instructions that direct an agent to run arbitrary shell commands represent a risk if the commands are modified.
  • [EXTERNAL_DOWNLOADS]: The metadata.json file contains an install_command that uses curl to download the skill's source from a GitHub repository (majiayu000/claude-skill-registry-data).
  • [DATA_EXFILTRATION]: The skill reads session memory from .claude/context/memory/learnings.md. Accessing files outside the immediate project scope, even for context management, creates a path for data exposure if those contents are later included in agent responses to external parties.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its primary function is to process and review user-supplied code snippets.
  • Ingestion points: User-provided code for admin interface review (SKILL.md).
  • Boundary markers: No delimiters or isolation instructions are present to separate untrusted user code from the agent's system instructions.
  • Capability inventory: The skill is configured with Read, Write, and Edit tool access.
  • Sanitization: There are no instructions for sanitizing or validating the content of the code being reviewed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 11:56 AM