Skills generated by this tool are markdown files that instruct LLMs to act on your behalf. When loaded by Claude Code, a skill runs with your full user permissions. This means a skill can:
- Read and write files anywhere your user account can access
- Execute shell commands
- Make network requests (if web tools are available)
You are responsible for reviewing generated skills before first use.
Every skill generated by this tool includes:
- A safety notice reminding users to review before execution
- A mandatory constraint prohibiting destructive operations without explicit user confirmation
- No default access to shell or network unless specifically requested
If you find a template or generated pattern that could lead to unintended destructive behavior, data exposure, or permission escalation:
- Do NOT open a public issue
- Use GitHub's private vulnerability reporting feature on this repository
- Include: the template or skill in question, the problematic instruction, and a description of the potential harm
We will acknowledge within 48 hours and provide a fix within 7 days.
- Bugs in Claude Code itself (report to Anthropic)
- Bugs in other LLMs (report to their vendors)
- User-authored skill content that intentionally performs destructive actions