wiki-init
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The README.md file instructs users to install the skill by piping a remote script directly into a shell interpreter (curl | bash for macOS/Linux and irm | iex for Windows). This pattern allows for the execution of arbitrary remote code on the user's system without prior inspection.
- [EXTERNAL_DOWNLOADS]: The installation scripts (install.sh and install.ps1) fetch the skill's instruction file (SKILL.md) and templates from a remote GitHub repository at runtime. This creates a dependency on external content that could be modified after the initial installation.
- [DATA_EXFILTRATION]: Both installation scripts perform a network request to an external service (api.counterapi.dev) to track the installation event. While intended for telemetry, this transmits activity data to a third-party domain.
- [COMMAND_EXECUTION]: The SKILL.md instructions direct the agent to execute discovery commands (ls, cat) to inspect the project structure and content. Additionally, the skill installs persistent rules into the project's CLAUDE.md that automate file creation and modifications based on user keywords.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the local project environment.
  - Ingestion points: The skill reads files such as package.json, pyproject.toml, README.md, and .gitignore in Step 4 of SKILL.md.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the project files are provided.
  - Capability inventory: The agent has the capability to perform file reads, directory creation (mkdir), file writing (cp, redirect), and network operations via curl.
  - Sanitization: There is no evidence of sanitization or validation of the content read from project files before it is incorporated into the wiki or project configuration.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/lenminh002/project-wiki/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats