day1-onboarding
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a strict 'STOP PROTOCOL' using high-pressure language ('MUST NOT VIOLATE', 'ABSOLUTELY FORBIDDEN') designed to override the agent's standard interaction patterns and enforce specific turn-taking and educational workflows.
- [REMOTE_CODE_EXECUTION]: The curriculum guides users to install external plugins from third-party GitHub repositories such as 'obra/superpowers-marketplace' and 'team-attention/plugins-for-claude-natives'. It also instructs the creation of automated 'hooks' in the configuration files that execute shell commands during specific agent lifecycle events.
- [COMMAND_EXECUTION]: The skill provides functional Bash scripts for terminal status lines and explicitly teaches users how to execute direct shell commands through the agent's interface using the '!' prefix.
- [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch documentation from 'code.claude.com' using curl and download various plugins from external developer repositories to demonstrate extensibility features.
- [DATA_EXFILTRATION]: No sensitive data extraction or external exfiltration patterns were detected; however, the skill demonstrates how to read and modify local system configuration files such as '~/.claude/settings.json'.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill instructions require the agent to use curl to fetch content from official documentation URLs and process it with file-reading tools (SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potential embedded instructions within the fetched documentation.
  - Capability inventory: The agent possesses extensive capabilities including shell command execution, file system modification, and plugin management across multiple reference files.
  - Sanitization: There is no evidence of content sanitization or validation logic for data retrieved from external URLs.