claude-code-reference
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides documentation for executing shell commands via the 'Bash' tool, including patterns for unrestricted execution using 'Bash(*)' and specific tools like 'npm' or 'git'.
- [PROMPT_INJECTION]: The reference guide mentions parameters like '--system-prompt' and '--append-system-prompt' which can be used to override or extend the agent's core instructions, potentially bypassing safety guardrails.
- [DATA_EXFILTRATION]: The skill describes capabilities for fetching external data via 'WebFetch' while also having read access to the local file system, which creates a potential path for data exfiltration if sensitive files are accessed.
- [PROMPT_INJECTION]: The documentation demonstrates an indirect prompt injection surface by showing how to read file contents directly into agent prompts without the use of sanitization or boundary markers.
  - Ingestion points: Examples in 'SKILL.md' (e.g., reading session task files into the prompt).
  - Boundary markers: Absent in provided command examples.
  - Capability inventory: 'Bash', 'Edit', 'Write', 'WebFetch', 'Read'.
  - Sanitization: No sanitization of file content is illustrated before passing it to the agent.
Audit Metadata