smart-skill-maker
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions explicitly mandate security best practices, such as excluding credentials from skill files and using a local configuration file (workers.jsonc) instead.
- [SAFE]: The script scripts/new_skill.sh performs local scaffolding tasks and includes logic to escape double quotes and backslashes in user-supplied descriptions to prevent injection.
- [SAFE]: The use of npx skills for adding skills to the Codex environment is a standard administrative operation for this platform and does not involve untrusted remote code execution.
- [SAFE]: While the skill processes existing skill files (an indirect prompt injection surface), this behavior is central to its primary purpose as an editor/manager, and the skill provides documentation on maintaining safe authoring standards.
Audit Metadata