add-doc-updater
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill implements a workflow that generates a Python script (Phase 1) and then executes it locally using `uv run` (Phase 4). This script is designed to download, extract, and process archives from a user-specified remote URL (`DOC_SOURCE_URL`). Executing code that interacts with unverified remote sources presents a significant security risk if the URL points to malicious content or if the generated code contains vulnerabilities.
- [COMMAND_EXECUTION]: The orchestration workflow executes numerous shell commands (e.g., `ls`, `grep`, `ruff`, `mypy`, `pyright`, `uv run`) using variables derived from user input (`$ARGUMENTS`). If the target path contains shell metacharacters, it could lead to command injection.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from an external documentation source and integrates it into the agent's execution environment.
  - Ingestion points: Data is fetched from `DOC_SOURCE_URL` (specified in `SKILL.md`, Phase 0).
  - Boundary markers: None. The downloaded content is processed and then directly injected into the `SKILL.md` file under the `## Documentation Index` section.
  - Capability inventory: The skill and its generated script have capabilities for file writing (`SKILL.md`, `references/`), network access (`httpx`), and subprocess execution (`uv run`).
  - Sanitization: While the skill performs 'markdown grooming' (removing Hugo shortcodes and transforming links), it lacks sanitization logic to detect or neutralize malicious instructions embedded in the downloaded documentation that could influence the AI agent's behavior.
Audit Metadata