managing-local-skills
Manages Claude Code skills from plugin marketplaces using the local-skills CLI. Use when the user wants to add, update, remove, list, or inspect skills from a marketplace, or when managing the project's .claude/skills/ directory with version-tracked skills. Triggers on "install a skill", "add skill from marketplace", "update skills", "list available skills", "remove skill", or "local-skills".
96
96%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly shallow-clones external marketplaces (e.g., GitHub owner/repo or arbitrary git URLs via the `local-skills add <plugin>@<marketplace>/<skill>` specifier) and reads/copies skill directories into .claude/skills/, so untrusted third-party repository content is fetched and can directly influence agent behavior.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 1.00). The local-skills CLI shallow-clones marketplace git repositories at runtime (e.g., https://gitlab.com/team/repo.git) and then installs skill directories whose files (prompts/skill code) directly define agent behavior, so fetched remote content can control prompts or include executable code.
- Repository
- vgeshel/local-skills
- Commit
c10c616
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.