The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill uses and generates documentation containing a remote execution pattern where an installation script is downloaded and executed via shell (curl -fsSL https://raw.githubusercontent.com/plow-pbc/openseed/main/install.sh | bash). The script is hosted on the author's GitHub repository and is intended for skill setup.
[COMMAND_EXECUTION]: The skill performs multiple local shell operations:
It executes 'reconnaissance probes' to gather system state (e.g., which ollama, ollama list).
It runs a local verification script (ref/verify.sh) provided within the repository.
It performs filesystem management and Git initialization commands (mkdir, git init, git commit).
[DATA_EXFILTRATION]: The skill accesses local system information and directory manifests during reconnaissance. It addresses privacy concerns by instructing the agent to identify and redact sensitive information (credentials, tokens, environment variables) from output before presenting it to the user.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it uses user-supplied strings (capability names and file paths) to generate shell probes and content for file drafts.
Ingestion points: Capability descriptions and home directory paths provided by the user in SKILL.md.
Boundary markers: No specific delimiters are used for user input during reconnaissance, though the agent is instructed to obtain user approval for probes.
Capability inventory: Shell command execution (probes, git), and filesystem write access.
Sanitization: The instructions explicitly direct the agent to treat user-supplied paths as untrusted data, recommending the use of -- flag termination and argument binding to prevent shell injection.

seed-create