The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local bash scripts (e.g., check-description.sh, check-links.sh) to validate generated content. It also sets up a TypeScript CLI for stateful skills that executes local logic via npx tsx. Additionally, it performs file system operations such as creating directories and symbolic links (e.g., ln -s) to install skills into the agent's dispatcher path.
[PROMPT_INJECTION]: The skill acts as a code generator (meta-skill), which introduces a surface for indirect prompt injection. It ingests untrusted user input (the skill 'brief') and incorporates it into generated SKILL.md files and other agent instructions. This could be exploited by an attacker to embed instructions that override the generated skill's behavior.
Ingestion points: Untrusted data enters the context during the requirements gathering phase in WORKFLOW.md (Step 1) and the shape classification phase (Step 1.5).
Boundary markers: The skill organizes its output into structured Markdown sections and YAML frontmatter but lacks explicit sanitization or escaping of the user-provided strings before interpolation.
Capability inventory: The skill possesses capabilities for directory creation, file writes, symbolic link creation, and local script execution across various files.
Sanitization: No active input sanitization is observed; the skill relies on post-generation validation scripts and manual user review to detect anomalies.

generate-skill