The Agent Skills Directory

[PROMPT_INJECTION]: The skill is designed to ingest user-provided workflows and documentation to generate new instructions for AI agents. This represents a surface for indirect prompt injection where untrusted user input could be incorporated into a generated skill body (Evidence: SKILL.md Step 1 and Step 4 instructions).- [COMMAND_EXECUTION]: Core functionality relies on executing local bundled scripts. scripts/init-skill.sh handles directory creation and file scaffolding with input validation for skill names. scripts/validate.py performs static analysis on the skill's structure and content, including specific checks to ensure file references do not perform path traversal (Evidence: SKILL.md Step 3 and Step 5).

skill-creator