skills/edwinhu/workflows/reading-add/Gen Agent Trust Hub

reading-add

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands (mkdir, cp, cat) to manage local files. It also dynamically resolves the path to a Python script (look_at.py) within a plugin cache directory (~/.claude/plugins/cache/edwinhu-plugins/...) and executes it using python3. This method of executing code from a dynamically computed path is a medium-risk pattern.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: Source input in SKILL.md (local file or URL). Boundary markers: Absent in the metadata extraction step. Capability inventory: cp, mkdir, python3 (subprocess execution), and readwise CLI (network) in SKILL.md. Sanitization: Absent; untrusted content is processed directly for metadata extraction.
  • [DATA_EXFILTRATION]: The skill includes functionality to upload user documents and URLs to the Readwise Reader service. While Readwise is a well-known and legitimate service, this feature involves transmitting user-provided data to an external third-party platform.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 02:36 AM