cold-start-check

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The Bash script uses the eval command to process data parsed from docs/cold-start-rubric.yml. Because the output of the YAML parser is not sanitized before being passed to eval, an attacker can include shell metacharacters in the rubric prompts or concepts to execute arbitrary commands.
  • [COMMAND_EXECUTION]: The skill dynamically constructs and executes shell commands for the claude CLI using input strings from the rubric file, which allows untrusted repository content to influence system execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 26, 2026, 02:53 AM