skills/lev-os/agents/skill-builder/Gen Agent Trust Hub

skill-builder

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill encourages the installation of the skill-seekers dependency using a curl | python pattern (python3 -c "$(curl -fsSL ...)"). This method executes remote code directly from a third-party GitHub repository without verification, representing a high-risk execution vector. This is documented in references/setup.md and scripts/setup_skill_seekers.sh.
  • [COMMAND_EXECUTION]: The skill includes a utility script (scripts/enhance-workaround.sh) that executes the claude CLI using the --dangerously-skip-permissions flag. This action explicitly bypasses built-in security guardrails and grants the agent unrestricted tool access during the enhancement process.
  • [REMOTE_CODE_EXECUTION]: The scripts/enhance-workaround.sh script dynamically generates a Python script at runtime and executes it via the interpreter to interface with local APIs. This runtime code generation increases the risk of injection and execution of unauthorized logic.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated downloads from external domains, including GitHub and skillseekersweb.com, to fetch configurations and source code. These resources originate from a third-party repository (yusufkaraaslan/Skill_Seekers) that is not recognized as a trusted source, requiring manual verification of the downloaded content.
  • [PROMPT_INJECTION]: The skill presents a significant surface for indirect prompt injection as it ingests untrusted content from documentation websites, code repositories, and PDFs. It lacks explicit boundary markers or sanitization logic to prevent malicious instructions within these sources from influencing the agent's behavior.
    • Ingestion points: Website scraping, GitHub analysis, and PDF extraction defined in SKILL.md and references/advanced-workflows.md.
    • Boundary markers: Absent in ingestion logic.
    • Capability inventory: Extensive use of bash, write, git, pip, and npx across several scripts.
    • Sanitization: No evidence of content escaping or validation before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 06:49 PM