skillify
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is well-structured and focuses on documenting user-initiated workflows. It utilizes restricted tool permissions (Read, Write, AskUserQuestion, and limited Bash) to perform its function without evidence of malicious intent or unauthorized data access.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it analyzes untrusted conversation history to generate new instructions.
  1. Ingestion points: Full conversation history and the user-provided '$description' argument (SKILL.md).
  2. Boundary markers: No explicit technical delimiters for history analysis are specified, but the interactive interview rounds serve as logical boundaries.
  3. Capability inventory: The skill has the ability to write files (SKILL.md) and create directories (mkdir) via the agent's environment.
  4. Sanitization: The risk is mitigated by a mandatory human-in-the-loop validation step in Step 4, where the user must review and confirm the generated content before it is saved to disk.