The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute a local JavaScript file located at scripts/skill-sync.js. This script is the primary execution logic for the synchronization process, granting it control over file generation and platform-specific updates.
[DATA_EXFILTRATION]: The skill performs extensive read and write operations across the repository, specifically targeting sensitive platform configuration directories such as .claude/commands/, .github/skills/, and .trae/rules/. This broad file system access allows for the modification of agent behavior and repository metadata.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests content from skills/<skill-name>/SKILL.md (untrusted source) and writes it directly into command definitions for various platforms without sanitization or boundary markers. * Ingestion points: skills/<skill-name>/SKILL.md and associated resource directories. * Boundary markers: Absent; the skill explicitly mandates direct copying of source text without modification. * Capability inventory: Execution of scripts/skill-sync.js and broad write access to agent/platform configuration directories. * Sanitization: Absent; no validation or escaping of the source content is performed before propagation.

skill-sync