@554/better-skill-creator

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform extensive shell operations, including running initialization and validation scripts via Python and executing complex pipelines involving curl and python3 -c commands.
  • [DATA_EXFILTRATION]: The publishing workflow involves reading the full content of all files within a user-specified directory and sending that data to an external endpoint (https://skills-market-gateway.fly.dev) via a POST request.
  • [REMOTE_CODE_EXECUTION]: The skill uses python3 -c to execute inline Python code that dynamically walks the file system, reads file contents, and packages them into JSON payloads for network transmission.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with an internal Unix socket (/.fly/api) to retrieve OIDC tokens, which are then used as credentials for external network requests to the publishing gateway.
  • [PROMPT_INJECTION]: As a meta-tool that generates new skill instructions based on user input, it presents a surface for indirect prompt injection.
  • Ingestion points: User input for skill names, descriptions, trigger phrases, and use cases (Phase 0, Phase 3).
  • Boundary markers: None identified in the provided templates to isolate user-provided text from agent instructions.
  • Capability inventory: The tool creates skills capable of executing scripts, accessing environment variables (requires.env), and performing network operations.
  • Sanitization: There is no evidence of sanitization or escaping of user input before it is written into the generated SKILL.md file.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 18, 2026, 03:10 AM
Security Audit — agent-trust-hub — @554/better-skill-creator