health-plugins

Warn

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, SAFE)
Full Analysis
  • [COMMAND_EXECUTION]: jq filter construction in the registry repair script.
      • Evidence: In scripts/fix-registry.sh (lines 126-130), the script constructs a jq filter by interpolating plugin_key values directly into a string: jq_filter="${jq_filter} | del(.plugins[\"${plugin_key}\"])".
      • Description: If the plugin registry contains a key with characters like "], that key can manipulate the jq filter to perform unintended modifications to the registry JSON or the settings file, potentially leading to data corruption or cleared configuration values.
  • [PROMPT_INJECTION]: Indirect injection surface from processing local registry files.
      • Ingestion points: The skill reads ~/.claude/plugins/installed_plugins.json in both check-registry.sh and fix-registry.sh.
      • Boundary markers: Absent; the content is parsed as JSON and keys are used directly in the script's control flow.
      • Capability inventory: The skill uses the Bash tool to perform file operations (cp, mv, rm) and modify local configuration files based on the parsed data.
      • Sanitization: Absent; keys extracted from the registry are not validated or escaped before being interpolated into command strings.
  • [SAFE]: Dynamic context injection for environment discovery.
      • Evidence: SKILL.md uses the !command syntax to run pwd and find commands at load time.
      • Context: The commands are hardcoded, perform read-only operations on the project directory, and do not involve user-controlled input, making them a safe use of the feature for environment introspection.
  • [SAFE]: File access is restricted to the user's Claude Code configuration and the current project directory, which is consistent with the skill's stated maintenance purpose.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 22, 2026, 05:06 PM