mega-code-wisdom-curate

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs additional agent skills from URLs provided by the mega-code CLI tool during the curation process.
  • Evidence: The file scripts/install_skills.py uses the mega_code.client.skill_installer.install_skills function to download and extract skills based on a JSON array containing name, path, and url fields.
  • [REMOTE_CODE_EXECUTION]: By downloading and installing new skills at runtime, the skill introduces a mechanism to execute code from remote sources.
  • Evidence: Step 5 in SKILL.md invokes the installation script, which fetches remote content into the local skills directory. Subsequent execution of these skills constitutes remote code execution.
  • [COMMAND_EXECUTION]: The agent is instructed to execute arbitrary steps defined in a curation workflow generated by an external command.
  • Evidence: Step 7 in SKILL.md directs the agent to 'Follow the curation workflow' and 'Execute the step' for each item in the generated Markdown document.
  • [PROMPT_INJECTION]: The skill processes untrusted data from project manifests and follows instructions generated by an external service, creating a surface for indirect prompt injection.
  • Ingestion points: Project manifest files (e.g., package.json, pyproject.toml) read in Step 2, and the curation Markdown returned by the mega-code backend in Step 3.
  • Boundary markers: The skill uses quote-sealed heredocs in bash to contain variables, but the curation execution phase lacks explicit instructions to ignore embedded malicious prompts within the workflow.
  • Capability inventory: The agent has access to Bash, Read, Write, and Glob tools across all scripts, and is encouraged to execute the steps provided in the curation (documented in SKILL.md Step 7).
  • Sanitization: No evidence that the curation workflow output is sanitized, or that the contents of installed skills are validated, before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 04:12 AM