The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run to execute git commands for cloning and sparse checkouts. The command arguments are passed as a list, which prevents shell injection vulnerabilities.- [EXTERNAL_DOWNLOADS]: The skill fetches directory metadata and ZIP archives from GitHub using the urllib library. It implements a _safe_extract_zip function that verifies extraction paths to ensure files are not written outside the intended destination, mitigating directory traversal risks.- [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to download and install agent skills (which contain code and instructions) from remote repositories. The implementation includes validation checks and uses structured logic to manage these installations securely, focusing on the intended administrative task.

skill-installer