The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute a shell script directly from a remote URL by piping it to the shell.
Evidence: curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/main/install.sh | sh in SKILL.md.
This execution pattern is highly dangerous as the content of the script can be changed by the remote host at any time, leading to arbitrary code execution on the user's system.
[EXTERNAL_DOWNLOADS]: The skill fetches content from the rtk-ai GitHub organization, which is not recognized as a trusted organization or well-known service.
Evidence: URL https://raw.githubusercontent.com/rtk-ai/rtk/main/install.sh targets a third-party repository.
[COMMAND_EXECUTION]: The skill uses various shell commands to inspect the repository environment and modify configuration files.
Evidence: Execution of git remote -v, git config, and gh (GitHub CLI) to manage issue labels and repository settings.
[PROMPT_INJECTION]: The skill processes potentially untrusted data from local repository files, creating a surface for indirect prompt injection.
Ingestion points: The skill reads AGENTS.md, CLAUDE.md, .red/CONTEXT.md, and .git/config from the local repository.
Boundary markers: None. There are no instructions to the agent to isolate or ignore instructions that may be embedded in these files.
Capability inventory: The agent has permissions to execute shell commands (git, gh, curl) and write files to the repository (.red/agents/*.md, .github/workflows/*.yml).
Sanitization: No sanitization or validation is performed on the data read from these files before it is processed or used in subsequent operations.

setup-red-skills