php-monorepo-builder

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides the agent to use vendor/bin/monorepo-builder and composer for project management. These are standard, industry-accepted tools for PHP monorepo development.
  • [EXTERNAL_DOWNLOADS]: The skill refers to the monorepo-php/monorepo package via Packagist. This is an established package from a recognized organization in the PHP ecosystem.
  • [PROMPT_INJECTION]: The skill processes data from composer.json files within the monorepo packages to perform merges and validations. This introduces a surface for indirect prompt injection if external contributors include malicious text in package metadata. However, the skill does not grant elevated permissions based on this data, and this risk is inherent to the tool's core functionality of processing project metadata.
  • [DATA_EXFILTRATION]: No exfiltration patterns or unauthorized network operations were identified. The tool's operations are confined to the local project environment and standard version control workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 01:32 AM