project-skill-scripts

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for environment discovery and file management.
      • It uses dynamic context injection (!command syntax) in the SKILL.md to run git rev-parse and find commands at load time for project structure discovery.
      • It executes an external analysis script located at ${CLAUDE_PLUGIN_ROOT}/skills/project-discovery/scripts/analyze-skills.sh.
      • It uses chmod +x to modify permissions of newly created scripts, allowing them to be executed by the system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core workflow reads and interprets untrusted external data to perform actions.
      • Ingestion points: The skill reads the contents of various SKILL.md files across the plugin portfolio to identify bash patterns and workflow steps (Step 2).
      • Boundary markers: No boundary markers were identified, nor any instruction telling the agent to disregard instructions or malicious patterns found within the ingested data.
      • Capability inventory: Across its operations, the skill has access to tools for creating and editing files (Write, Edit), creating directories (mkdir), and changing file permissions (chmod).
      • Sanitization: The skill does not describe any sanitization or validation of the logic extracted from the target files before that logic is used to generate the final .sh scripts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 05:24 PM