The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes chmod +x on shell scripts it deploys to the project's .claude/hooks/ directory. This is a standard procedure to ensure that automation scripts for session start/end and git hooks can run.
[EXTERNAL_DOWNLOADS]: The story-researcher agent is designed to perform web research using search engines (Google and Bing) and navigates to external websites to extract reference material. While it fetches external data, it follows clear safety rules such as only navigating to links discovered via search results.
[COMMAND_EXECUTION]: The story-researcher agent utilizes the Bash tool to interact with the environment (checking for open ports) and to invoke browser tools (agent-browser) for its research tasks.
[INDIRECT_PROMPT_INJECTION]: Several agents in the toolkit (Writer, Checker, Researcher) ingest and process untrusted data from project files (user-authored chapters) or external web content. The prompts do not specify explicit boundary markers or sanitization steps to isolate this data from agent instructions, which is a known attack surface for indirect prompt injection, although the impact is limited by the skill's specific focus on literary content.

story-setup