product-tracking-generate-implementation-guide

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides documentation and instructions for integrating numerous well-known analytics and monitoring services (e.g., Amplitude, Mixpanel, Segment, Sentry, Google Analytics). The reference files point to official CDN scripts and legitimate NPM packages for these services.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transfer was found. The skill is designed to facilitate the intentional transmission of product usage telemetry to chosen analytics destinations. It includes detailed guidance on using backend-mediated flows (Forge platform) to ensure user privacy and prevent accidental exposure of sensitive data (PII).
  • [PROMPT_INJECTION]: The instructions do not contain any patterns attempting to bypass safety filters or override system instructions. The skill focuses on translating structured data (tracking plans) into technical documentation.
  • [COMMAND_EXECUTION]: While the reference files mention package installation commands (e.g., npm install), these are provided as instructional content for developers and are not executed by the agent itself.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of .telemetry/tracking-plan.yaml. However, it treats this data as a schema for generating a markdown guide and does not use it to execute code or perform sensitive operations, minimizing the risk surface.
  • [SAFE]: The skill author (accoil) has implemented security best practices, such as recommending environment variables for API keys and providing clear warnings about Atlassian Forge compliance requirements (e.g., the inScopeEUD manifest flag).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 09:48 PM