skill-creator-anthropic

Verdict: Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The initialization script scripts/init_skill.py is vulnerable to path traversal. The skill_name argument is used directly in path construction (Path(path).resolve() / skill_name) without any sanitization. This allows the script to create directories and write files in arbitrary locations on the file system if a malicious path is provided.
  • [COMMAND_EXECUTION]: The scripts/init_skill.py script contains a code injection vulnerability in its template generation logic. It inserts the unsanitized skill_name argument into a Python script template using string formatting. If the generated script is executed, any code injected via the skill_name parameter will be run.
  • [COMMAND_EXECUTION]: The initialization script automatically modifies file system permissions using chmod(0o755) on generated scripts. Modifying permissions on dynamically created files is a sensitive operation that bypasses typical user oversight.
  • [PROMPT_INJECTION]: The skill contains deceptive metadata regarding its authorship. The SKILL.md frontmatter identifies the author as 'Anthropic' (a trusted entity), which directly contradicts the provided author context of 'lawve-ai'. This misattribution can mislead users or agents regarding the skill's provenance and security profile.
  • [SAFE]: The validation script scripts/quick_validate.py correctly uses yaml.safe_load() for parsing skill frontmatter, which prevents potential unsafe deserialization attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 16, 2026, 04:13 AM
Security Audit — agent-trust-hub — skill-creator-anthropic