skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a procedural workflow for creating and validating agent skills using local assets and scripts. No remote code execution, external downloads, or sensitive data exposure issues were identified.
- [PROMPT_INJECTION]: Analysis identified an indirect prompt injection surface in the instruction set that interpolates user-provided metadata into a shell command for validation. This surface is assessed as safe given the local development context and the presence of validation logic.
  1. Ingestion points: The metadata placeholders '[name]' and '[description]' in SKILL.md.
  2. Boundary markers: Placeholders are wrapped in double quotes within the instruction template.
  3. Capability inventory: The agent is instructed to run a local script (scripts/validate-metadata.py) using the command line.
  4. Sanitization: The included Python script performs regex and length validation on the inputs, and the workflow is intended for structured authoring rather than processing arbitrary external data.
Audit Metadata