(args, toolUseContext)
| 342 | hooks, |
| 343 | skillRoot: baseDir, |
| 344 | async getPromptForCommand(args, toolUseContext) { |
| 345 | let finalContent = baseDir |
| 346 | ? `Base directory for this skill: ${baseDir}\n\n${markdownContent}` |
| 347 | : markdownContent |
| 348 | |
| 349 | finalContent = substituteArguments( |
| 350 | finalContent, |
| 351 | args, |
| 352 | true, |
| 353 | argumentNames, |
| 354 | ) |
| 355 | |
| 356 | // Replace ${CLAUDE_SKILL_DIR} with the skill's own directory so bash |
| 357 | // injection (!`...`) can reference bundled scripts. Normalize backslashes |
| 358 | // to forward slashes on Windows so shell commands don't treat them as escapes. |
| 359 | if (baseDir) { |
| 360 | const skillDir = |
| 361 | process.platform === 'win32' ? baseDir.replace(/\\/g, '/') : baseDir |
| 362 | finalContent = finalContent.replace(/\$\{CLAUDE_SKILL_DIR\}/g, skillDir) |
| 363 | } |
| 364 | |
| 365 | // Replace ${CLAUDE_SESSION_ID} with the current session ID |
| 366 | finalContent = finalContent.replace( |
| 367 | /\$\{CLAUDE_SESSION_ID\}/g, |
| 368 | getSessionId(), |
| 369 | ) |
| 370 | |
| 371 | // Security: MCP skills are remote and untrusted — never execute inline |
| 372 | // shell commands (!`…` / ```! … ```) from their markdown body. |
| 373 | // ${CLAUDE_SKILL_DIR} is meaningless for MCP skills anyway. |
| 374 | if (loadedFrom !== 'mcp') { |
| 375 | finalContent = await executeShellCommandsInPrompt( |
| 376 | finalContent, |
| 377 | { |
| 378 | ...toolUseContext, |
| 379 | getAppState() { |
| 380 | const appState = toolUseContext.getAppState() |
| 381 | return { |
| 382 | ...appState, |
| 383 | toolPermissionContext: { |
| 384 | ...appState.toolPermissionContext, |
| 385 | alwaysAllowRules: { |
| 386 | ...appState.toolPermissionContext.alwaysAllowRules, |
| 387 | command: allowedTools, |
| 388 | }, |
| 389 | }, |
| 390 | } |
| 391 | }, |
| 392 | }, |
| 393 | `/${skillName}`, |
| 394 | shell, |
| 395 | ) |
| 396 | } |
| 397 | |
| 398 | return [{ type: 'text', text: finalContent }] |
| 399 | }, |
| 400 | } satisfies Command |
| 401 | } |
nothing calls this directly
no test coverage detected