The Agent Skills Directory

[COMMAND_EXECUTION]: The skill implements dynamic context injection using the !command syntax to perform runtime environment detection. It checks for the existence and versioning of various CLI tools (e.g., git, gh) and verifies the presence of environment variables. These commands are used for status monitoring and do not execute destructive or unauthorized operations.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because its core functionality involves reading and analyzing existing skill files provided by the user or found in the environment.
Ingestion points: Files are read via the skill_view tool or direct file system access during "Improve" or "Evaluate" modes (Step 6 and Step 7 in SKILL.md).
Boundary markers: The instructions do not explicitly define delimiters or "ignore embedded instructions" warnings for the ingested skill content.
Capability inventory: The skill has the ability to write to the file system and modify skills via skill_manage (Step 6d) and can execute shell commands through the dynamic context injection feature it promotes.
Sanitization: No sanitization or escaping of the content read from external skill files is specified before processing.
[EXTERNAL_DOWNLOADS]: The documentation and examples within the skill suggest patterns for installing dependencies using standard package managers like npm, pip, and go. These are standard developer workflows for the intended purpose of the skill and target well-known registries.

skill-creator