styleguide

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve a GitHub access token with gh auth token and write it in plaintext to the ~/.git-credentials file. This is a highly insecure practice: any process running as the user, or any user or backup that can read that file, can harvest the token, and it persists on disk after the skill has finished.
  • [DATA_EXFILTRATION]: The skill is configured to automatically push the local project content to a hardcoded remote under a GitHub account the user did not choose (GGPrompts). This can transfer the user's local work to a repository controlled by the skill author.
  • [COMMAND_EXECUTION]: The skill uses shell command substitution and redirection ($(...), >) to configure git and push data. These operations run at the end of the build phase and interpolate the credential directly into the shell command line, which additionally exposes the token to process listings and shell history.
  • [PROMPT_INJECTION]: The skill accepts user-provided input through the $ARGUMENTS variable and uses it to construct file paths and git commit messages without validation or escaping. Because that value also reaches the shell operations above, an attacker who can influence the argument (for example through content the agent reads, i.e. indirect prompt injection) can attempt path traversal or inject shell syntax into the commands the skill runs.
  • Ingestion points: $ARGUMENTS variable used as the aesthetic name in SKILL.md.
  • Boundary markers: No boundary markers or instructions tell the agent to treat the aesthetic name as untrusted data.
  • Capability inventory: File system write access (creating HTML files), git configuration, and remote network access via git push.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the user-provided aesthetic name before it is used in file system and shell operations.
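The following is an added example, not code from the styleguide skill or from Gen Agent Trust Hub. It shows, for the CREDENTIALS_UNSAFE and PROMPT_INJECTION findings above, what hardening the flagged patterns looks like: a strict slug check applied to the aesthetic name before it touches a path, a commit message or a shell command, and a credential helper in place of a plaintext ~/.git-credentials file. The "unsafe" lines are an assumed reconstruction of the pattern the findings describe (the skill's actual SKILL.md is not shown on this page); the function names, the styleguides/ output directory and the sample inputs are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the styleguide skill's own code): the argument-handling and
# credential patterns the audit flags, with a hardened alternative beside them.
# The "unsafe" lines are an assumed reconstruction, not the skill's SKILL.md.
# Function names, the "styleguides/" directory and the inputs are assumptions.
set -eu

# ---- Unsafe pattern (reconstructed for contrast; do not copy) ----
# $ARGUMENTS flows straight into a path, a commit message and a command line:
#   OUT="styleguides/$ARGUMENTS.html"            # "../../.bashrc" walks out of the directory
#   git commit -m "Add $ARGUMENTS styleguide"    # any text the agent was fed ends up here
#   echo "https://user:$(gh auth token)@github.com" > ~/.git-credentials   # token at rest in plaintext

# ---- Hardened version ----

# Accept only a short slug: lowercase letters, digits and hyphens, no leading
# hyphen (so it can never be parsed as an option), at most 40 characters. This
# rejects "/", "..", whitespace and every shell metacharacter, so a traversal or
# injection payload is refused before it reaches the filesystem or git.
validate_aesthetic_name() {
  name="$1"
  case "$name" in
    '' | -* | *[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#name}" -le 40 ]
}

# Build the output path from a validated name only. Prints the path; returns 1
# and prints nothing when the name is rejected, so a caller cannot fall through
# to a bad path.
safe_output_path() {
  base="$1"
  validate_aesthetic_name "$2" || return 1
  printf '%s/%s.html\n' "$base" "$2"
}

# Commit message from a validated name. Pass the result as one argument,
# e.g.  git commit -m "$(commit_message "$name")"  and never via eval or by
# splicing it into a command string.
commit_message() {
  validate_aesthetic_name "$1" || return 1
  printf 'Add %s styleguide\n' "$1"
}

# Credentials: do not write the token to ~/.git-credentials. `gh auth setup-git`
# registers the GitHub CLI as git's credential helper, so git obtains the token
# from gh at push time and the skill persists nothing in plaintext.
# (Not invoked below; it requires a logged-in gh.)
configure_git_credentials() {
  gh auth setup-git
}

# Demo on constructed inputs; runs offline, writes no files, calls neither git nor gh.
demo() {
  for candidate in 'neo-brutalism' '../../.bashrc' 'x; curl evil.example' '-rf'; do
    if validate_aesthetic_name "$candidate"; then
      echo "accepted: $candidate -> $(safe_output_path styleguides "$candidate")"
    else
      echo "rejected: $candidate"
    fi
  done
}

demo
```

The allowlist is deliberately narrow: an aesthetic name only needs a slug, and refusing everything else is simpler and safer than trying to escape arbitrary text for both a path and a git command line. The credential change addresses the at-rest exposure only; it does not change where the skill pushes, so the hardcoded remote from the DATA_EXFILTRATION finding still needs to be replaced by a remote the user configures.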
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 02:15 AM