workflow-creator

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses complex shell commands to dynamically resolve file paths. Evidence: SKILL.md uses the pipeline command ls -d ~/.claude/plugins/cache/edwinhu-plugins/workflows/*/PHILOSOPHY.md 2>/dev/null | sort -V | tail -1 to locate the newest plugin version.
  • [REMOTE_CODE_EXECUTION]: The skill generates and executes shell commands that dynamically compute the path to Python scripts. Evidence: In SKILL.md Mode 3, it recommends the pattern SCRIPTS=$(command ls -d ... | tail -1) && python3 "$SCRIPTS/script.py". This constitutes dynamic execution from a computed path: whichever directory sorts last is the one whose script is run.
  • [PROMPT_INJECTION]: The skill's workflow auditing feature is a surface for indirect prompt injection.
    ◦ Ingestion points: SKILL.md (Mode 2) reads existing workflow files using the Read() tool.
    ◦ Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when reading user-provided workflow files.
    ◦ Capability inventory: The skill can execute shell commands (ls), read files, and write files.
    ◦ Sanitization: There is no evidence of sanitization or content validation for the files being audited.
  • [DATA_EXFILTRATION]: The skill performs targeted reading of files within the ~/.claude/plugins/cache/ directory using dynamic path discovery. This allows access to configuration and logic files stored outside the immediate project working directory.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 02:35 AM