skill-creator

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE (COMMAND_EXECUTION)

Full Analysis
  • [COMMAND_EXECUTION]: Multiple Python scripts (run_eval.py, improve_description.py, generate_review.py, validate-skill.py) use the subprocess module to execute system commands. This includes running the claude CLI for evaluation, lsof for port management, and other helper scripts for validation.
  • [DATA_EXPOSURE]: The generate_review.py script initializes a local HTTP server (defaulting to port 3117) to serve an interactive evaluation viewer. This server facilitates local web access to files within the skill's workspace directory.
  • [PROMPT_INJECTION]: The skill's core purpose is generating instructions for AI agents. The references/frontmatter-spec.md file contains explicit guidance and warnings against including 'system prompt injection patterns' in skill descriptions, specifically prohibiting phrases that attempt to override behavioral instructions or persona definitions.
  • [INDIRECT_PROMPT_INJECTION]: The skill incorporates an automated loop (scripts/run_loop.py) that ingests user requirements to generate and refine skill descriptions.
      ◦ Ingestion points: User requirements gathered via AskUserQuestion and conversation history in SKILL.md.
      ◦ Boundary markers: None explicitly used during prompt interpolation, but validation scripts are used to check output.
      ◦ Capability inventory: Subprocess calls, file writing, and CLI execution across the scripts/ directory.
      ◦ Sanitization: The skill utilizes a 100-point rubric and a validation script (validate-skill.py) to enforce spec compliance and safety guidelines on generated content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 01:34 PM