creating-agent-skills

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes a dedicated reference file (api-security.md) that explicitly teaches secure credential management. It recommends using wrapper scripts and environment variables stored in a central configuration file (~/.claude/.env) to prevent sensitive keys from appearing in the conversation history.
  • [COMMAND_EXECUTION]: Various workflows facilitate the creation of directories and scripts using standard shell commands. These operations are scoped to the agent's expected skill directory and include validation steps and success criteria to ensure reliable execution.
  • [EXTERNAL_DOWNLOADS]: Documentation and workflows reference standard, well-known libraries such as pypdf and pdfplumber for specific document processing tasks, which is consistent with the skill's technical guidance.
  • [PROMPT_INJECTION]: The skill identifies and provides mitigation strategies for accidental dynamic context injection. It specifically advises on how to document shell command placeholders (using the ! prefix) safely to prevent them from executing during the skill loading phase.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests external data via web searches and library documentation tools to aid in skill creation, it incorporates verification steps and recency checks to mitigate risks associated with untrusted technical content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:09 AM
Security Audit — agent-trust-hub — creating-agent-skills