create-skill

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches live specifications and best practices from multiple sources including agentskills.io, platform.claude.com, and official Anthropic repositories on GitHub. These operations are used to ensure that newly generated skills conform to the latest standards.
  • [COMMAND_EXECUTION]: The skill utilizes several bundled Python scripts (quick_validate.py, package_skill.py, run_eval.py, improve_description.py) to automate tasks such as YAML validation, skill packaging, and evaluation. These scripts use subprocess.run to execute local shell commands and the claude CLI, which is consistent with the skill's primary purpose as a developer utility.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it fetches content from external websites via WebFetch and uses that content to guide the creation of new skill instructions. Malicious instructions on a compromised external site could potentially influence the generated output.
      • Ingestion points: WebFetch calls in SKILL.md (Phase 0 and Phase 2).
      • Boundary markers: The workflow uses structured prompts for sub-agents to process the data, though it lacks explicit "ignore embedded instructions" delimiters.
      • Capability inventory: The skill possesses the ability to write files (Write), run shell commands (Bash), and modify existing content (Edit).
      • Sanitization: No explicit sanitization or filtering of fetched web content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 08:42 PM