Gen Agent Trust Hub security audit: get-api-docs
Skill path: skills/mxyhi/ok-skills/get-api-docs

Audit result: Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: HIGH
Finding categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs an external Node.js package @aisuite/chub from the npm registry using npm install -g. This package is not from a recognized trusted organization or the skill author's verified scope.
  • [REMOTE_CODE_EXECUTION]: By installing and then executing the chub CLI tool, the skill enables execution of code from an external source on the host system.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands including npm install, chub --help, chub search, chub get, and chub annotate to perform its tasks.
  • [PROMPT_INJECTION]: The instructions explicitly direct the agent to "follow the instructions from the output of chub --help since that will be the latest guidance." This creates an instruction redirection vector where a potentially compromised or malicious CLI tool can provide arbitrary instructions that the agent is told to trust over its initial programming.
  • [DATA_EXFILTRATION]: The chub feedback command provides a mechanism to transmit data to an external service. While the skill includes a warning against including secrets, it remains a valid vector for data exfiltration.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection:
      ◦ Ingestion points: Documentation fetched via chub get and persistent annotations stored via chub annotate in SKILL.md.
      ◦ Boundary markers: None. The agent is not instructed to treat the fetched documentation as untrusted data.
      ◦ Capability inventory: The skill has the ability to execute shell commands and install software.
      ◦ Sanitization: None. The agent directly processes content from external documentation and local persistent notes, which could contain instructions to poison future sessions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 29, 2026, 12:11 AM