The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches development guidance and specifications from official GitHub repositories. These are well-known sources used for configuration and reference purposes.
[COMMAND_EXECUTION]: Includes a shell script (scripts/ensure_spec_repo.sh) that manages a local copy of the Agent Skills Specification. The script follows security best practices, including set -euo pipefail, idempotency checks, and explicit operation announcements.
[DATA_EXFILTRATION]: No patterns of unauthorized data collection or exfiltration were found. The skill operates within standard project and configuration directories (~/.claude/skills, ~/.agent-skills-spec).
[REMOTE_CODE_EXECUTION]: Uses official installation commands and standard git clone to manage dependencies. There is no usage of unsafe patterns like curl | bash or dynamic execution of untrusted remote content.
[PROMPT_INJECTION]: The orchestration logic and subagent prompts are designed to reinforce safety and quality (e.g., anti-hallucination rules, requirement for cited URLs) and do not contain instructions to bypass agent safeguards.

create-skill