From 098398431fdf469aa41c7d26acde1e3a35069ec3 Mon Sep 17 00:00:00 2001 From: Jonathan Santilli <1774227+jonathansantilli@users.noreply.github.com> Date: Tue, 21 Apr 2026 13:39:40 +0100 Subject: [PATCH] feat(knowledge-base): recognize Anthropic Skills layout for claude-code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds skill_paths entries for `.claude/skills/*/SKILL.md` at both project and user scope. Anthropic's Skills system (distinct from Claude Code's older custom-commands system) stores each skill as `/SKILL.md` under `.claude/skills/`, and this layout was not previously first-class in the knowledge base — scanners fell through to the generic `skill.md` regex in scan.ts, which tags the file as `codex-cli`. Risk surface chosen to mirror what Anthropic skills actually bundle: - prompt_injection (SKILL.md is natural-language instructions) - unicode_backdoor (steganographic payloads in headings/frontmatter) - command_exec (skills can ship shell scripts or curl|sh instructions) - mcp_config (skills can bundle .mcp.json / .claude/settings.json) Mirrors the shape of the existing `.opencode/skills/**/*.md` entry in opencode.json. --- src/knowledge-base/claude-code.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/knowledge-base/claude-code.json b/src/knowledge-base/claude-code.json index 3582b17..d47c90a 100644 --- a/src/knowledge-base/claude-code.json +++ b/src/knowledge-base/claude-code.json @@ -133,6 +133,18 @@ "scope": "user", "type": "custom_command", "risk_surface": ["prompt_injection"] + }, + { + "path": ".claude/skills/*/SKILL.md", + "scope": "project", + "type": "anthropic_skill", + "risk_surface": ["prompt_injection", "unicode_backdoor", "command_exec", "mcp_config"] + }, + { + "path": ".claude/skills/*/SKILL.md", + "scope": "user", + "type": "anthropic_skill", + "risk_surface": ["prompt_injection", "unicode_backdoor", "command_exec", "mcp_config"] } ], "extension_mechanisms": [