The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted documentation content and converts it into executable command files.
Ingestion points: Document sources including docs/**/*.md, tests/README.md, tests/manual/**/*, README.md, and CONTRIBUTING.md (via SKILL.md).
Boundary markers: Absent. The skill uses section headers for extraction but does not wrap the resulting output in protective delimiters or "ignore embedded instructions" markers.
Capability inventory: The skill uses the Edit tool to write generated commands to .claude/commands/. The generated commands are configured to use powerful tools including Bash, Read, Edit, and Skill (via references/templates/command_template.md).
Sanitization: The skill performs prose transformation (declarative to imperative) but explicitly preserves shell code blocks and CLI invocations found in the source documents without validation (via references/procedural_extraction_rules.md).
[EXTERNAL_DOWNLOADS]: The skill references several official technology domains (e.g., nodejs.org, pypi.org, learn.microsoft.com, go.dev) within its documentation quality rules. These are well-known technology services used for documentation linking and are considered safe.
[COMMAND_EXECUTION]: The skill detects shell commands and CLI patterns to identify procedural content. While it facilitates the creation of executable scripts, the skill itself does not perform arbitrary command execution during its own operation.

ln-161-skill-creator